This sounds like an ugly thing for a ham radio operator and director of a community radio station to say but: Clip your car’s antenna. Or stuff a wad of chewing gum into your car’s USB port, and perhaps its ODB2 port. Enough is enough.
As Andy Greenberg of WIRED wrote of a US DOT Public Service Announcement, “it is important that consumers and manufacturers maintain awareness of potential cyber security threats” to their now hyper-connected cars.
There are likely two antennas, one for radio and one that connects your car to a third-party monitoring system. On-Star, if you have it, is tracking your every move. Do they give information to the NSA? Consider that the NSA probably already gets such cell-phone transmitted information anyway. GM cards have it, and many other cars have their own in-vehicle two-way monitoring systems.
And these monitoring systems can call in an emergency when detectors in your car have “impact” information triggered. They know your position via a GPS monitoring system that might even rival the one on your dash.
More interestingly, they can also open your car doors if you’ve been locked out. What we don’t know is: how well are they protecting their systems, and how easily can the circuits they use be hijacked for nefarious purposes, as law enforcement has been doing for several years now? Stingray fake towers, low-flying aircraft, and perhaps artisan Maker-crafted devices could crack your car open like an egg—once the automaker’s or third-party car trackers PKI is compromised…. If it’s not already compromised.
So, you’re driving down the street, and suddenly, you’re not in control of your car. Add points for being in a self-driven car, so that most items are being controlled by an internal systems controller. Or perhaps it’s just the brakes. Maybe the doors become unlocked….. 20 times per second for the next two hours.
Maybe headlights will come on in your garage, running the battery down. Does your rear-hatch and side doors have a remote opener? Do you like AC?
Perhaps changing the turbo boost table in your car’s computer module is more to your liking, the kind that gives you that sudden lurch or lag in traffic.
I’m shuddering actually to think of the randomized consequences of having any car, anywhere in the world, obey external commands sent to it for any reason, at any time. The possibilities are too gruesome. Imagine a bus full of kids or tourists without brakes, or headlights.
People trust these gadgets, and time and again, they’re proven to have the most ugly of easily breached communications infrastructure. Although the automakers have tried to sell this as a secret protected sauce, we also know that several of them have used their own systems to beat EPA testing.
Embedded temporal keys are one method of authentication between communicators so as to prevent man-in-the-middle attacks, but expensive implementations don’t sell well on a car lot—or would they?
Just the fact that there are PSAs arriving warning us in scary if ambiguous ways that our vehicles are subject to hacking attempts really isn’t enough. Who’s gonna die first? How many deaths must occur until someone raises a red flag? Is this a new international digital weapon—car cracking? Let’s tell all Cadillacs made from 2013 to suddenly stop? All of them? What’s it going to take until we collectively look at automotive infrastructure in a way that’s demonstrably effective in terms of full and unmitigated trust?
Call me paranoid, but it prevents me from purchasing modern-era autos, and recommending the same to anyone that understands that just a few well-placed attacks could be ruinous to lives and even mobility itself.