Johannesburg - In the not too distant future, having your car hijacked at a robot probably won’t happen. Instead, criminals will remotely take over your vehicle and drive you to them.
As more systems in cars become connected to the internet, car manufacturers have admitted that they are becoming prone to being hacked. If a criminal has the car’s vehicle identification number (VIN), is up to date with the vehicle’s technology and is determined enough, your car can be remotely hacked and its systems taken over.
This was revealed last year when Andy Greenberg from Wired.com filmed himself in a Jeep Cherokee which was hacked remotely. It started with cold air at the maximum setting blasting him, and the heat on his seat turned up.
How they hacked and crashed a Jeep
The radio changed stations and volume, the windshield wipers turned on and wiper fluid sprayed the glass. The car’s digital display turned on, revealing the two hackers who were taking over the Jeep. Then it became more serious, as the accelerator stopped working.
Hacking can also cut the brakes, kill the engine, honk the hooter and take over the steering of a car. It can also track the GPS co-ordinates and measure the speed you are driving at. And it’s something all vehicle manufacturers have to deal with as internet-connection technology becomes more prevalent in cars.
Just last week, Nissan admitted that its new Leaf electric car can be drained of its battery life using little more than its VIN.
HOW EASY IT CAN BE
Tech Insider reported that the security hole was discovered by researcher Troy Hunt, who found out that the Leaf’s smartphone app interface needed just the VIN to control the car features remotely without passwords.
“If I was to monitor your movements over the course of a week and learn when you go to and from work, shortly after you got to your office, I could run the heating for the remainder of the day,” Scott Helme, a cyber security researcher, told the BBC.
“That would potentially leave you with very little power. Certainly not enough to get back home.”
Nissan then disabled the smartphone app after the security flaw was revealed.
Sergey Lozhkin, senior researcher at the Kaspersky Lab, said more and more cars have the option to remotely control some of their systems.
“Applications on users' smartphones will soon be able to control critical car systems,” Lozhkin said.
He added that in the recent Nissan Leaf case, hackers downloaded the application that can control in-car systems – presumably climate control or entertainment – and used the car's VIN to connect to the control panel.
“It would not take much for this to be used for criminal gain: by simply changing the VIN it could be possible to control another car. Although this example is relatively limited, the ease with which criminals can gain access should alert software developers,” he said.
The Star