“Intelligent” cars and your safety
In August 2020, a Chinese company specializing in the production of antivirus software reported 19 vulnerabilities in the Mercedes E-class. For the large amount you buy a car, in which someone can remotely open doors or start the engine. However, this is not just an affliction of this German brand. Earlier publications concerned, inter alia, Jeep Cherokee, BMW and Chrysler. Via the Internet it was possible to take over the brakes, steering wheel or gearbox.
Cheap devices that allow you to open and start a car, the owner of which is not aware of it (PLN 80 is enough to drive off in a quite luxurious vehicle) is the tip of the iceberg. A bigger problem can be the poor security of telematics servers, which can access everything connected to them, including applications, data, and all related vehicles, all due to security flaws in devices installed in cars. In addition, there is a direct threat to the health and life of passengers, which is no longer just a literary fiction or an invention of the next Bond-like movie screenwriters.
Sometimes a hacker needs to connect directly to the diagnostic port located in the car. More and more often, however, can break in remotely, via the Internet, without approaching the vehicle. From this perspective, the development of the automotive industry towards offering autonomous cars that move without drivers is a great question mark.
Further gaps in the systems of “intelligent” cars are being patched. However, we can be sure that criminals are usually one step ahead of producers who do not fully care for the safety of their customers. Such conclusions can be drawn, for example, on the basis of this year’s report by Upstream Security. At the same time, he points out that more than half of new cars sold, at least in the USA, already have internet connectivity. Some advise to install GSM jamming devices by yourself. However, this solution has many disadvantages, including interfering with telephone communication to drivers standing in a traffic jam near our vehicle.
By the way, it turns out that advanced computer on-board systems can be used for the so-called cartapping, i.e. eavesdropping on vehicle users while driving. American journalists revealed that similar practices had been carried out by the FBI for several years. Law enforcement assumes that the driver loses the right to privacy when agrees to use services that require vehicle tracking. With such an interpretation, interception of conversations does not require wiretapping. It is also worth remembering that currently every new car – in accordance with the law – has applications that ensure remote management and tracking, for example in the form of solutions supporting the eCall system, allowing the emergency services to be called in an accident without human intervention (based on e.g. emergency airbags opening).
Before buying another “smart” car, home, watch, telephone, cleaning robot, etc., it is worth considering not only the improvements they offer, but also the risks. By using many innovations in various areas (the popular “Internet of Things” / IoT), we increase the number of potential cyber attack points. Currently, it is estimated that over 20 billion devices are connected to the Internet. This means a huge increase in data that must be securely transferred, stored and processed. Are all service providers prepared for this? Just in case, before we give our refrigerator a credit card number (so that it can refill sausages, dairy products and greens on its shelves for us), make sure that our IP address is masked by VPN, and purchases are made only from properly secured suppliers.