Could a Hacker Shut Down Your Car?
Feb. 26, 2015
Dealerships and banks have recently found a new way to secure their collateral, i.e., your vehicle. They argue that, even though the vehicle belongs to you, they should be able to control it since it is being used to secure their loan. Therefore, many banks and dealerships, especially those that specialize in loans to people with bad credit, have been installing remote kill switches in the cars they sell.
Imagine that you’re out with your children and you go to the grocery store. When you come back outside with the week’s groceries, your car won’t start. Are you late on your payments? Maybe, or maybe someone just credited your payment to the wrong account. Or maybe someone just broke into the car dealership’s computer.
That’s not as far-fetched as it may sound. A dealership in Texas lost control of their computers, and, one by one, all of their former customers began losing control of their cars. This really happened at the Texas Auto Center. An excerpt from Marc Goodman’s book Future Crimes tells that story and elaborates,
“As for Texas Auto Center, it is far from unique in its decision to install remote repo-man technology in its vehicles; today there are more than two million cars with the technology. There are tens of millions of vehicles around the world that can be controlled one way or another online, with thousands more being added to the global information grid every day. With such black boxes installed in more and more automobiles, it is becoming increasingly clear that there may be more back doors in your car than you ever realized.”
Sure, you may say, but this can only happen as an insider job or at some poorly secured used car dealership. That’s unfortunately and startlingly untrue. A 14-year-old, without instruction and using only $15 in parts available at retail, recently beat a major manufacturer’s cybersecurity to take unauthorized control of a vehicle. This AutoBlog article tells the story:
“With some help from the assembled experts, he [the 14-year-old] was supposed to attempt a remote infiltration of a car, a process that some of the nation’s top security experts say can take weeks or months of intricate planning. The student, though, eschewed any guidance. One night, he went to Radio Shack, spent $15 on parts and stayed up late into the night building his own circuit board.
“The next morning, he used his homemade device to hack into the car of a major automaker. Camp leaders and automaker representatives were dumbfounded. ‘They said, “There’s no way he should be able to do that,”‘ Brown said Tuesday, recounting the previously undisclosed incident at a seminar on the industry’s readiness to handle cyber threats. ‘It was mind-blowing.’
“Windshield wipers turned on and off. Doors locked and unlocked. The remote start feature engaged. The student even got the car’s lights to flash on and off, set to the beat from songs on his iPhone. Though they wouldn’t divulge the student’s name or the brand of the affected car, representatives from both Delphi and Battelle, the nonprofit that ran the CyberAuto Challenge event, confirmed the details.”
There is always someone who can beat security measures. And sometimes there are a lot of someones who can do it.
If you purchase a car and you’re told that there is a remote kill switch, walk away. Nothing is worth putting your family, your life and your safety in the hands of a stranger.