In addition to recently publicized hacks of electronic auto ignitions with laptops, car thieves have several other high-tech techniques they’ve put to use—or will soon unleash upon their victims, according to stolen vehicle recovery firm CalAmp LoJack Corp.
The lawlessness includes portable scanner boxes that exploit electronic key fobs; identity theft, in which Personally Identifiable Information stored within the vehicle and in the vehicle computer is stolen; and car cloning, in which a Vehicle Identification Number (VIN) is faked, allowing new documents to be produced.
“The connected vehicle thief” is with us, says LoJack in a press release. “With more sophisticated vehicles on the road, criminals are becoming more sophisticated in their tactics in order to steal these vehicles.”
And it’s not just smart-key scanning—where key codes are duplicated electronically by foraging driveway crooks who capture the key’s data and then unlock the car, swiping the vehicle’s contents, joy riding or shipping the automobile overseas never to be seen again. LoJack says stolen credit reports are now being used to “illegally finance vehicles,” and ransom holdups are a very real possibility.
“Cybercriminals could leverage ransomware to break into a vehicle, disable the engine and brakes, and demand payment to restore the car to its functional state,” the company says.
Data is being lifted, too.
“Thieves are targeting the data available within the car, including credit card details, location information, Social Security Numbers and drivers’ license numbers,” the company says.
LoJack says 133 vehicle models come with internet connectivity installed this year, and on-board data is vulnerable just like paper documents.
Wireless vulnerabilities help hackers
As one might expect, wireless vulnerabilities are used in auto exploits, says the FBI in a public service announcement.
One problem is that consumers don’t think they’re responsible for making sure their cars don't get hacked. Many still believe software updates, overall, aren’t a part of life. Only 15 percent of consumers think automobile hacking security has anything to do with them, LoJack says.
However, consumers are aware of the potential hacking issue, and 62 percent think “cars of the future will be easily hacked,” the company says.
So, what can you do? LoJack says one should use “tracking and stolen vehicle recovery technology,” which you would expect them to say—that’s their business.
But the company also suggests car owners be selective about what data they share and that car owners should be informed about software updates, which can come in the form of cybersecurity recalls.
Software updating is an unresolved issue in the automotive industry. Over-the-air networked updating of cars isn’t common, and only 2 percent to 7 percent of cars featured it, as of late last year. One reason for that is dealers like to get customers back in the store, in part to try to sell them new cars. But consumers may well see going back in for an update and an upsell as an onerous hassle, so unexpectedly needed in-dealer updates may not happen much.
Overall, further mitigation could include being “aware of who has physical access” to the vehicle, just as you would with a smartphone, says the FBI. And be careful with third-party devices you plug into the OBD-II monitoring port.
“Vehicle theft is starting to shift because of advanced techniques introduced by the ‘Connected Vehicle Thief,’” says Patrick Clancy, vice president of LoJack Law Enforcement in the release. “These criminals are smart, connected and more difficult to impede.”
This article is published as part of the IDG Contributor Network.