Paul Smith, Director, Traka Automotive asks: how seriously should dealerships take the cyber security threat?
As cyber-attacks on vehicles become more common occurrences, is the dealership another weak link waiting to be exploited? Paul Smith of Traka Automotive believes this may be the case. He suggests that the growth in internet-connected technologies and safety features in vehicles has not been matched by the necessary increments on the security side.
Smith explains that “a series of hack attacks starting last Spring, saw 24 different cars from 19 different manufacturers broken into using a radio frequency (RF) exploit known as the ‘amplifier attack’. This inexpensive, yet ingenious exploit involves amplifying the radio frequency in these cars remotely to trick the keyless sensor technology into thinking the vehicle’s owner is in close proximity – thereby opening the targeted cars up from up to 100 metres away.”
Smith also points to the 2015 hack of a Jeep Cherokee in the States that resulted in Fiat Chrysler having to complete a 1.4m vehicle recall, as an example of how that hackers are ahead of the manufacturers on the security curve.
At automotive technology’s cutting edge, an autonomous vehicle was recently hacked by exploiting the vulnerabilities of the LiDAR (the tech that enables many autonomous vehicles to build a 3D picture of the hazards around it). With the help of hired hackers Uber demonstrated a denial-of-service attack against LiDAR-based self-driving cars by overwhelming the car’s sensors with images of fake vehicles and other objects using nothing more complicated than a laser pointer worth less than £40.
Professor Rakotonirainy from Queensland University of Technology’s Centre for Accident Research & Road Safety, commented, “The security protection on cars is virtually non-existent, it is at a level of protection that a desktop computer system had in the 1980s, the basic security requirements such as authentication, confidentiality and integrity are not strong.”
“What this means is that as vehicles become more and more connected and autonomous, with the ability to communicate to other vehicles and infrastructure through wireless networks, the threat of cyber-attack increases putting people’s safety and security at risk.”
Professor Rakotonirainy says that a piece of technology in all mew cars called a CAN-BUS, is of particular interest to hackers. Located under the steering wheel, allows anyone to check the health of a vehicle and to control it. CAN-BUS provides access to the ‘brain’ of a car.
Professor Rakotonirainy reminds us that: “If someone hacks into a vehicle’s electronics via a wireless network and exploits the current security loophole, they can track or take control of it,”
Paul Smith expands that argument to look at the dealership itself, “Car dealerships are not immune from the increasing cyber threat. Rapid adoption of increasingly sophisticated IT systems in dealerships, together with the arrival of more connected cars on their forecourts puts their central systems in the line of fire. “
“Dealers’ DMS, CMS, EMACS and other data-intensive IT systems hold vital information about vehicles sold and being maintained by them. A hacker might decide that it’s easier and potentially more lucrative to target a dealership’s central systems and from there hack into multiple vehicles on their books – or simply steal and sell vital details for those same vehicles to thieves.”
Paul concluded, ”The key is to be aware of the fact that there are more and more networked IT systems in use in your dealership and in the cars you are selling and servicing. This inevitably means you are going to need to beef-up your IT skills across the board, while considering IT security as a key part of this upskilling push. “
Leave A Comment