The content of the article:
- Fantasy or reality
- Is remote hijacking possible today
- What else hackers are capable of
The rapid development of technology leaves no time for surprise. What was impossible yesterday is becoming commonplace today.
Car companies are keeping pace with the overall progress. The machines use the most modern computer systems, multimedia technologies, satellite and Internet connections. With the help of the latest electronics, cars get smarter and perform some functions on their own.
Such opportunities attract not only motorists. Hackers are looking forward to the hour when remote control will become really complete.
Fantasy or reality
Interest in remote hijacking has skyrocketed since the release of Fast and Furious 8 in April 2017. The film has given cybersecurity staff some serious thought.
The plot of the tape tells about a gang of hackers who hacked into an electronic transport network. Taking control of urban vehicles, they use them as weapons: they provoke accidents, block intersections, push cars from the upper floors of parking lots.
Is such a development of events possible in reality? At the moment, fortunately, no. But the potential threat exists.
It is now impossible to take control of the electronic transport network only because it, in principle, does not yet exist. But the project of creation has already been repeatedly mentioned by leading auto companies. Urban traffic infrastructure will be needed when autonomous vehicles begin to hit the streets in droves. And this is also a future reality.
UAVs have already been developed and tested by several carmakers. The most famous is the project of the Google company. In the summer of 2015, experimental prototypes of autonomous Google cars rolled out onto California's public roads. They were equipped with a removable steering wheel and pedals for emergency situations, and the speed was limited to 40 km / h.
Over the years of testing, Google's equipment has been involved in accidents more than once. Only it was not her fault - all the collisions took place due to the carelessness of the drivers of other cars. Successful trials give drones a chance to enter the general market in the near future.
The control computer program can be the target of hackers. The consequences of remote hijacking can turn out to be completely tragic if the car falls under the control of terrorists. Therefore, along with the invention of the autopilot, manufacturers should take care of its safety from outside interference.
Is remote hijacking possible today
The number of autonomous vehicles is so small that no cases of hijacking have yet been recorded. But modern technology is also at risk. Yes, it will not work to force her to leave for a neighboring city, but it is easy to interfere with the operation of some units and electronic systems.
Car factories are trying to prevent the spread of information about the facts of hacking of their products. This position is not a fear for reputation; rather, it is an attempt to save buyers. Any evidence of the unreliability of the control system can spur a novice hacker to try the skills on a neighbor's machine.
At the moment, only the experience of American programmers is widely known, who in 2015 managed to take part of the car's control under remote control.
Using both a smartphone and a laptop, security officers Chris Valasek and Charlie Miller easily connected to the controls of the Jeep Cherokee. They loaded their program into the computer network of the machine, thanks to which they were able to subjugate some of the functions.
At a distance of 16 km from the object, the burglars freely turned on and off the radio, wipers, air conditioner, controlled the glass washer, brake and gas pedals, and the steering wheel. Ultimately, they even managed to turn off the engine of a car moving at a speed of 110 km / h.
Jeep Cherokee driver - journalist Andy Greenberg could not influence the "absurd antics" of the controlled equipment. All attempts to take control were futile.
The experiment revealed a huge security hole in cars with wireless internet access. It will not be difficult for an experienced cracker to get to a computer program and take control of it.
Thus, thousands of Fiat Chrysler Automobiles products have been equipped with the Uconnect program since 2013. This is a smartphone application with which the owner remotely starts the car, turns on the headlights and opens the doors. Uconnect had a serious security hole that any hacker could easily penetrate.
After the experience with the Jeep Cherokee, the company developed add-ons to the application and encouraged owners to update the software via the website or through authorized dealers. But the fact remains - electronic systems are not perfect and can be easy prey for burglars.
Since 2017, the ERA-GLONASS system has been installed in all new cars. It includes remote control capability. One of the purposes of the program is anti-theft. It is designed to turn off the engine of the wanted and pursued equipment at a distance.
The signal can pass through cellular networks or satellite, which does not inspire hope for security. Satellite communication, for example, is used by boats, and hackers have learned to shoot down the coordinates of their location or to direct them along the wrong path for a long time.
In the case of ERA-GLONASS, there are fears that the program will become available to computer criminals and bring more problems than benefits. One can only imagine the consequences of a massive traffic stop on busy streets during rush hour.
The system is unlikely to stop the hijackers. Experienced thieves know how to disable this protection.
What else hackers are capable of
Car manufacturers regularly improve the technical safety of their products. Along with this, new ways are emerging for cyber thieves to bypass the defense mechanisms of the system.
Car theft is a profitable business for the entire chain of people involved. That is why professional kidnappers have tools and equipment, the cost of which sometimes reaches several million rubles. With this help, a lot is available:
- Dongle cloning - one of the most frequent cases of theft. Most new cars are equipped with an immobilizer. This is a protective system that blocks movement until a signal is received from the chip built into the key. To start the car, you just need to duplicate the key fob. To do this, criminals need to have in stock a "blank" (a clean key without a code) and physical access to the diagnostic port. Having scanned the data for the "blank", the thief receives a full-fledged key that does not differ from the original. This is done in two or three minutes, after which the car quietly leaves "nowhere". A huge number of brands and models are at risk. This standard protection system needs additional anti-theft assistance;
- Remote door opening - happiness for the car owner... Almost all new cars are sold with keys supplemented with buttons to open and close the car. The console sends a signal that is not protected in any way. With the help of a special device - a code grabber, this signal is caught and the criminal has the opportunity to calmly enter the salon. Code grabbers have become widespread in the criminal world due to their low price. So do not leave valuable things and devices inside the car, even if they leave for a couple of minutes;
- Most alarms are not a barrier for experienced hijackers... For example, a factory anti-theft alarm, an alarm with remote door opening or a dynamic code is no better than the above-mentioned standard remote control. The code is intercepted by the same code grabber, and the car can be easily opened, started and left. Other more serious types of alarms require more time to turn off and the presence of specialized equipment. But for a professional hacker, this is not a problem either. If a thief is targeting a specific vehicle, no amount of protection will stop him;
- Smart cars connected to a smartphone are also at risk... The owner, using the application on the phone, remotely controls some of the car's functions. He can start the engine, open the doors, bring into operation some of the components and assemblies, control the characteristics of the equipment. It will not work just like that to hack the smartphone program, and intercept the signal too. But, if you infect the phone with a virus, the hacker will gain access to control on an equal basis with the owner. Therefore, the owners of "smart" cars need to be on the alert all the time and not download suspicious programs to the phone;
- As strange as it may sound, but the most effective means of protection against theft - mechanical blockers... The hijackers try not to mess with them. Why waste energy and draw attention to such a laborious task when you can easily, quickly and silently break any electronic defense.
Remote hijacking in our time is only partially possible. A part of the car's functions, electronics and access to some nodes sometimes falls under the control of an attacker. No one is able to force the car to leave the owner on their own. With the advent of autonomous technology, such crimes will become a reality, because, as you know, hackers are able to hack anything. Hopefully, manufacturers will take the threat of cybercriminals seriously and work out the protection system to the smallest detail.
