How Hackers Exploit Automotive Software to Overtake Cars
A new report from IntSights details the ways that cybercriminals are able to break into a new generation of highly digitized cars.
Cybersecurity firm IntSights recently released, "Under The Hood: Cybercriminals Exploit Automotive Industry's Software Features," study details how hackers are managing to get into cars and do damage.
"The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought," the report said. "IntSights discovered easy-fo-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles."
The report said most car hacking tools can be found on websites or forums like Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat, which provide a wealth of information, tools, code grabbers, and tutorials. There are also a bevy of Russian sites offering help like forum.grabbs.org, Migalki.pw, and Chipadla.ru.
Traditionally, said the report cars were considered too difficult to hack into and not worth the amount of time and energy required. But as cars have added Wi-Fi, GPS, and other features, the amount of attack surfaces have increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods.
The most popular method involves attacking a car's CAN protocol, which can give a hacker full access to all of the vehicle's functions.
"The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it," the report said. "However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer's backend system, to which many modern cars are connected."
Cybercriminals have also been able to attack a car's Remote Keyless System, which allows owners to open and start their vehicle without a key. The key fob technology used for this system is decades old and is considered tough to crack, but a new generation of code grabbers has allowed car thieves to either outright mimic the signals or intercept them. Those code grabbers are increasingly available on the dark web, and there are many forums throughout the web where cybercriminals can congregate and share best practices.
The study says that certain tools, like "RollJam," can work on any car and can be bought for $32. Cybercriminals are also offering other tools like Panda DXL, Grabos Panda, and Code Grabber.
According to the report, hackers can even gain access through car companies themselves, which now communicate with vehicles through applications that send information to them. If there is a breach of the car company's servers, a cybercriminal could easily mess with the information shared between the company servers and the vehicle's brain. In addition, hackers have also been able to load malware onto a car owner's phone, through phishing campaigns or fake apps, and infect vehicles that way. Cybercriminals have even had success manipulating cellular networks through built in SIM cards, which car companies use to extract real-time information and update firmware.
According to the study, the problem will only get worse because of the need for constant updates, which may not take place considering the decades-long life of most cars. The likelihood is that most cars will eventually have gaping security holes waiting to be exploited by cybercriminals.
"In an ever-increasing digital climate, it is vital that businesses take the necessary precautions to avoid cyberattacks. Since cars are primarily attacked using remote access, security teams are often not able to detect when and where their systems have been compromised, leaving unknowing drivers susceptible," the study said. "The ability to use the wireless spectrum as an entry point into the car network is the driving factor behind attacks that leverage the wireless spectrum, be it Keyfobs, infotainment systems, car diagnostics systems, or wireless tire pressure sensors. As the physical hardware of motor vehicles is a challenging target that requires malicious intent and specialized tools, we should expect to see more software attacks against infotainment systems, charging stations and mobile apps."