With the car industry’s ever-increasing reliance on computers and electronics, it was only a matter of time before law enforcement and regulators became even more concerned than they already were. Last year’s hack of a Jeep and its takeover by researchers only fueled concerns over the many possibilities that were revealed by the exploit. Today, authorities took their concerns public with a warning.
The Federal Bureau of Investigation (FBI) and the National Highway Traffic Safety Administration (NHTSA) today warned motorists that cars are “increasingly vulnerable” to hacking. Specifically, the agencies warned the “general public and manufacturers – of vehicles, vehicle components and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
A Reuters story today referred to the 2015 Jeep incident that resulted in the recall of 1.4 million U.S. vehicle, the first action of its kind in auto industry history. Also last year, General Motors updated a smartphone app that could have allowed a hacker to control some pieces of plug-in hybrid technology such as starting the engine and unlocking the doors of the Chevy Volt. Also, last year, BMW said it had fixed a security hole through which hackers could have opened the doors on up to 2.2 million vehicles.
The FBI bulletin indicated that while “not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk.”
The NHTSA said last July that carmakers have to move quickly to address hacking issues. The reminder, made by NHTSA Administrator Mark Rosekind, was spurred on by the Jeep hack. At that time last summer, Wired reported on a story where two hacker/researchers were able to take control of the steering, transmission and brakes of a 2014 Jeep Cherokee. NHTSA has since said that this hack was a first. It marked the first time a hacker had ever taken real-world control of a vehicle.
Following this hack, two major U.S. automotive trade groups, the Alliance of Automobile Manufacturers and the Associate of Global Automakers opened an information-sharing center. The Information Sharing and Analysis Center allows the groups to share information on cyber threats and vulnerabilities in vehicles.
The latest FBI warning stated that hackers could exploit online vehicle software updates. The law enforcement agency warned the hackers could send fake “e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking [on] links to malicious Web sites or opening attachments containing malicious software.”