Researchers Warn Of Hacking Threats To Vehicles On Minnesota Roads
The conveniences of modern technology and a connected world have some pitfalls, and this story is a great example of that.
In a recent report from Wired, it was disclosed that a crucial flaw was found this year that impacts thousands of vehicles that can be found on Minnesota roads and elsewhere around the country.
While the vehicles themselves aren't particularly easy to hack directly, a website used to connect to these vehicles for a variety of tracking and control features can give hackers information and control you don't want them to have, and it apparently isn't a difficult thing to do.
What vehicles can be hacked?
The short answer is technically any "connected" vehicle could potentially be hacked, which includes most modern vehicles on the roads today.
The story I am referencing details that a group of security researchers were able to exploit a flaw earlier this year in a website portal used for Kia vehicles, though similar issues have been found with other brands.
Similar types of vulnerabilities have been found with other brands like Hyundai, Genesis, BMW, Ferrari, Ford, Toyota, Honda, Nissan, Acura, and others where some level of access could be gained by exploiting these security flaws.
In those cases cited, it was security experts and researchers looking for flaws. Scarily, many of these flaws were pretty easy to find and exploit.
Thankfully many of them have been fixed as car makers have been made aware of them, but researchers say there is still a long way to go.
What are these hacks? How easy are they?
While it varies a little from brand to brand, the Kia example from earlier this year gives you a good idea of what the hack is, what can be accomplished, and how frighteningly easy it is to exploit these flaws.
In these hacks by researchers, they were able to use a web portal used by vehicle owners to do things like track your vehicle, gain access to information about the vehicle owner, start or stop the engine, lock the doors, raise/lower the windows, or flash the headlights.
Using a very small amount of information like a license plate number or a VIN, the researchers were able to gain access to the control systems of several Kias.
Across other brands, some of these vulnerabilities required more effort than others to exploit, but it shows an expansive issue across the modern auto industry.
The good news is that this Kia vulnerability Wired reported on was reported to the company, which has since fixed the issue.
Car makers have been working to patch these issues as they are discovered, but one researcher told Wired that while a lot of work has been done in recent years to increase vehicle security, the auto industry's connected security situation "still feels really broken".
What are the concerns?
While the ability to drive your vehicle away remotely isn't currently a widespread concern, there are several things that researchers say should be worrisome.
Critical systems like steering controls or brakes are not currently found to be vulnerable on a broad scale, but the ability to harass vehicle owners, gain location and other data about the vehicle and its owner, or make a car easier to steal are all real concerns in most cases.
The Kia vulnerability the researchers found (which, again, has since been fixed) also allowed access to the vehicle owner's name, phone number, email address, and physical address, which affords the hacker other opportunities.
Those are all frightening prospects.
Thankfully there are "good hackers" looking for these issues before bad hackers are able to use them at scale, but it's still scary to think about!
See How Minnesota's License Plates Have Evolved Since 1909
Gallery Credit: David Drew