These are the 4 top hacking vulnerabilities in today’s cars

From phone to fob to console, there are many ways for hackers to get into your car

There’s a lot of digital technology packed into today’s vehicles. 

Even before it’s turned on, a modern car is actively communicating with itself, its maker, its key, your phone, and many more digital points in a concerted effort to help make your life more convenient and safe. That’s the idea behind it all, anyway. 

Unfortunately, there are those who would use those communication points as digital on-ramps for their malicious intent. These hackers can access personal data, open and steal your vehicle, or even interfere with its functions while you’re behind the wheel. 

In an effort to cut the bad ones off at the pass, many automakers employ “white-hat” hackers, a.k.a. “bug bounty hunters,” to expose issues and vulnerabilities. One such noble nerd recently exposed the real purpose of Tesla’s cabin-facing camera.

Company CEO Elon Musk originally said the camera was to prevent vandalization to vehicles when Tesla launches its self-driving robot-taxi fleet. But new information made public by hacker ‘green’ suggests the camera may be capturing images for different reasons — namely, driver monitoring.  

It’s more than likely this is being done for our safety and not for nefarious purposes, but it’s still interesting to know that Tesla is withholding its true intentions, and that a freelance hacker can find his way to the truth. 

Indeed, our tech-forward vehicles of today are not impervious to attack. Here are a handful of the most common ways modern cars get hacked. 

Key-fob signal steal

The thieves’ objective: Get whatever is inside your locked car, or the car itself, without breaking any hardware. The solution: Use a homemade antenna to steal the signal from the car’s fob, which is usually kept right inside the owner’s front door, and send it to an accomplice wearing a receiver and standing next to the car. Sound too easy to be true? Here’s a video of two thieves making off with a Tesla is 33 seconds by using this tactic

Company server hack

One of the most vulnerable points in your car isn’t actually in your car. If your car has any onboard apps that communicate with the automaker (which it likely does if it’s from the last decade or so), hackers might be able to gain access to information or even function controls by breaking into said automaker’s servers. According to a 2019 auto-cybersecurity study by Upstream, hacks to company servers make up 26.42 per cent of all automotive cyber attacks.  

Mobile apps

It didn’t take hacker Jmaxxz long to suspect the remote-start app MyCar, which he’d purchased as a gift for his girlfriend, was less than secure. After just a day, he discovered any hacker with his skills could locate, identify, unlock, start or trigger the alarm of any around 60,000 of the registered vehicles using the app.

Jmaxxz discovered the company was also collecting more data than he’d expected, including thousands of previous locations. The app has since been fixed by its Canadian makers. 

OBDII or entertainment system pirate

You don’t have to be a droid or a computer whiz to seriously muck with a vehicle’s inner workings if you’ve got access to its OBDII port. By plugging in a device to the vehicle’s Can-bus, or even by accessing it or the entertainment system wirelessly, it’s possible to pirate vehicle functions like brakes, steering or transmission, even as the vehicle is running. Here’s a video of a pair of hackers taking over control of a Jeep back in 2015.

Now that you’re adequately freaked out, here are some tips for how to prevent your vehicle from being hacked.

by Coleman Molnar