Industry Insights

Protecting the Connected Car from High-Tech Carjackers

2018-10-18  |  8 min read 

During recent lunchtime banter with co-workers, the subject of when Grand Theft Auto (GTA) 6 would be online veered towards a more serious angle – the rise of keyless car thefts and the possibility of a carjacking in the near future. 

Modern car thieves no longer need to smash a car window or hotwire a car to steal the latest models. Keyless entry technology provides thieves with a quick and easy way to enter and steal cars. The high-tech criminal today can easily exploit the vulnerabilities of passive entry and passive start (PEPS) systems by using frequency-hacking transmitters to capture the signal from a vehicle’s key fob and use it to unlock the car. Hackers can purchase electronic devices, which can ‘read’ the codes transmitted by key fobs, from electronics stores for as little as $40.

These days, since many keyless entry cars include keyless ignition systems, all the thief needs to do is unlock the car door, push a button to start the car, and drive away. 

Many online articles offer tips on how to foil the plans of potential car thieves. Apart from traditional steering locks, one suggestion is to keep your car key fobs in the house, and as far away from your car as possible. This technique prevents car thieves from using a signal booster to amplify the key fob signals and use them to open your car. Many people have the habit of placing their key fob in the hallway, right next to the garage or the car port, making it easy for carjackers to enter and steal their cars. 

Some experts recommend that you keep the key fob inside your microwave oven to safeguard your car. While relay signals can penetrate walls, windows, and doors, they come to a dead stop when confronted with metallic surfaces.

Keep key fobs in the oven to protect your connected car.
Figure 1. What is cooking tonight? Keyless fob!

While keyless entry car thefts are a serious crime, they seem elementary when compared to more ominous scenarios –high-tech cyberattacks. 

With the automotive industry’s rapid progress in the autonomous driving arena, it is essential to scrutinize all aspects of a vehicle that are vulnerable to hacking. Instead of just stealing your car under the cover of the night, there are concerns that remote hackers will jam brake signals or take over navigation systems.

While these scenarios sound like potential storyboards for the next action film or GTA 6 episode, hackers have already successfully hijacked connected cars at hacking summits. The modern connected car is a super computer on wheels, and it receives and transmits over-the-air (OTA) signals all the time. These continuous OTA signals make the connected car an easy target for carjackers. 

At the National Governors Association Summer Meeting in Rhode Island in 2017, Elon Musk, CEO of SpaceX and Tesla, said the biggest risk to anonymous cars is “a fleet-wide hack”. "In principle, if someone was able to...hack all the autonomous Teslas, they could say…'send them all to Rhode Island' - across the United States…that would be the end of Tesla, and there would be a lot of angry people in Rhode Island."

Protecting network, hardware and firmware

Automotive designers are not taking chances. An area of growing interest is how to secure the CAN bus network, which connects vital systems such as the engine, steering, braking, and parking systems. Many automotive CAN bus systems also integrate navigation and infotainment systems with WIFI and Bluetooth®. Security experts say hackers can exploit these OTA interfaces as points of vulnerability to remotely take control of a car.

Proponents of the newer automotive Ethernet technology, who predict it eventually will replace traditional CAN, say the flexible and modular structure of automotive Ethernet will allow network architects and security consultants to leverage existing Ethernet security features.

Network is just one aspect of security. Automotive design and test engineers also need to look at the devices that go onboard the multitude of electronic control units (ECUs) in a car, and find a way to protect them against hackers.

Security experts also advocate encrypting firmware and disabling all functions that are not used in production, to prevent any backdoor entry into the car’s network system.

Planning ahead

In the early 1980s, internet hacking episodes were more isolated. These days, security breaches have become commonplace in the daily news, with reported security breach levels and maliciousness intensifying.

Perhaps what the industry can do is take advantage of the knowledge gained during the internet boom and prepare to counter the smartest enemy in advance of the attack. Security technology aside, identifying vulnerabilities on open platforms is also essential while the autonomous vehicle industry transits from its current nascent stages of growth into a booming business. 

Earlier this year, Elon Musk told DEFCON, a private hacker conference in Las Vegas, that he planned to "open source" the software Tesla uses to secure the autonomous-driving features from hacks or takeovers, eventually allowing other carmakers to use it. 

Elon Musk at DEFCON 2018
Figure 2. Elon Musk at DEFCON, August 11, 2018 

Collaboration may be a great way to check the blind spots of automobile manufacturers. The connected car industry knows it must make progress on the laborious task of strengthening standards and guidelines for autonomous vehicle security. Keysight Technologies is working with car manufacturers to provide ECU functional tests for ultra-wideband PEPS systems, which provide better immunity against relay attacks. Ixia, a Keysight company, also offers comprehensive automotive ethernet security testing. 

For more information on automotive electronics test solutions, please visit: www.keysight.com/find/automotive 

Bluetooth® and Bluetooth Logo® are trademarks owned by Bluetooth SIG, Inc., U.S.A. and licensed to Keysight Technologies, Inc.