With a rising level of integration of technology in vehicles, the automotive industries are exposed to high risks of cybercrimes. These issues have come to light due to the Kia hack incident, due to which various critical weaknesses in connected cars have been exposed that can be used by cybercriminals.
A team of independent security researchers only recently found major flaws in Kia’s dealer web portal. These weaknesses put the millions of Kia cars at a high risk of cyber threats. The researchers discovered a flaw which enabled them to exploit Kia cars produced after 2013, to control them by merely entering the car’s plate number.
A car equipped with Kia’s remote hardware can be located, opened and even driven in less than half a minute. Worryingly, this was the case for all Kia Connect customers and non-customers alike, meaning the weakness was even more worrisome.
Sam Curry, one of the researchers, said the team was able to glean that Kia had a backend dealer API, and then signed up for the dealer account at kiaconnect.kdealer.com. “From the victim’s side, there was no information that someone from the other end was getting into their car or manipulating the access rights”, Curry pointed out adding that this particular breach was clandestine.
The case of Kia brings out a rather important lesson in understanding the general cybersecurity problems that plague the automotive sector. Indeed, with connected cars and their largely computerized systems, hack attacks and theft of consumers’ information become possible. There are two primary areas of concern:
- Remote Hacking: It is alarming to realize that via hacking a car a criminal can get an unauthorized access and control some functions of the car. At its worse, these attackers could interfere with the basic functions that almost every car or vehicle on the road uses such as braking, steering, and acceleration, which make it dangerous for drivers and passengers out on the road.
- Data Privacy Risks: Such cars maintain many firsthand profile information from users including their location history, contacts among other information. This data shall be a go-to for attackers’ looking to pilfer or exploit the recipients of this information.
Today, most cars have innovative communication gadgets through features such as car Wi-Fi, Bluetooth, Interfaces: USB. These systems are meant to improve the driving experience, and while so doing, pose a rather daunting cybersecurity threat. These interfaces are vulnerable to attacks and one can easily gain remote control of different functionalities in the same car.
Such gadgets typically contain a number of personal data like names and numbers of contacts, text messages, and sometimes GPS history. If such systems are not safeguarded they create an opportunity for a hacker to penetrate deeply into the system and result in a data breach or even unauthorized control of the car.
Currently, digital carmakers realize the risk originating from cyber incidents on connected cars and are attempting to bolster the protection levels of automobiles. Some of the key measures being adopted include:
Over-the-Air (OTA) Software Updates: Firms are beginning to use Over-The-Air updates to patch up security issues, or even fix software problems, without physically having to service the car itself. This keeps the system future-proof in that new threats that are discovered will be easily contained. The risks of unauthorized access are addressed; manufacturers are currently using enhanced encryption techniques and authentication measures to regulate; the remote controls and connectivity options.
Due to advancement in car models, there is every indication cars are getting digital, and automotive OEMs are integrating security into the product development lifecycle. This also covers measures for identification of anomalous behaviors and separation of high integrity tasks such as braking and steering from lower security features like the entertainment systems.
Connected cars are increasingly being seen as the next step in automobile development, but with it comes greater vulnerability to hacking. This hack event is a wake up call not only for manufacturers but consumers, regulators and security researchers as discussed above.
At the same time, automotive brands are shifting to improve vehicular protection, consumers are also expected to be cautious and ensure the vehicle software is updated and are informed about cyber risks. In future, given the dynamic nature of the development of car technology, this trend will only increase further, aiming at the need to protect cars from intelligence attacks and make vehicles safe in the context of permanent computerization of the world.