If hackers are going to break into our cars they’ll most likely be motivated by profit over anything else.
Autonomous vehicles haven’t even hit public roads in any kind of widespread deployment yet, but Hollywood is already painting frightening scenarios on the potential of car hacking. The 2019 remake of Child’s Playfeatures a scene in which a woman is held prisoner in a self-driving car run amok. Most notorious is a scene from The Fate of the Furious in which hackers remotely control autonomous vehicles to wreak havoc on city streets – even making cars rain down from multilevel parking structures.
While these situations may seem outlandish, they’re not terribly far from reality. Hackers have demonstrated for years now that it is possible to remotely access vehicles’ braking and other crucial systems. A recent study by Georgia Tech’s School of Physics found that if hackers were able to hack only 20 percent of the vehicles in Manhattan they could grind New York City to a halt. Such a hack would not only freeze commuter traffic, but also prevent important services and emergency vehicles from getting around the city.
But is creating chaos the only value proposition for car hackers? Asaf Ashkenazi, Chief Strategy Officer at Verimatrix, a provider of security solutions to the automotive industry, believes we should be worried less about terrorist-level attacks and more about the ways hackers will attempt to turn a profit by hacking cars.
“It’s very sexy to talk about these terror attacks, I think. But if you put aside the terror – big states that are launching acts of war. You have to look at what is the practicality of that,” Ashkenazi told Design News following a talk at the 2019 Drive Conference & Expo.
Here are four major reasons hackers might want to break into your car in the very near future:
1.) Credit Card and Bank Fraud
As vehicles become increasingly connected to infrastructure for things such as automated toll booth payments, it will create more points of entry for hackers looking to steal personal data such as credit card or banking information. “Hackers are looking to make the maximum profit for the minimum effort,” Ashkenazi said. “Cars are going to have to implement a lot of payment systems because you will be able to pay via your car when you go to toll roads and parking lots.”
Fraud can be a big way for hackers to make money. But Ashkenazi also noted there’s a healthy black market for other forms of stolen information as well. Hacked vehicles could provide avenues for stalkers or other malicious parties to track potential victims.
“All the cars will have GPS. So if I have the ability to track any car I can start a service where anyone that wants to track somebody can. I’d just need a VIN number,” Ashkenazi said. “Let’s say that I have access to half of the cars in the U.S. You just log into my service, pay me monthly, and I give you access to track whatever car you want. It’s a great business.”
3.) Helping Car Thieves
Thanks to key fobs and other security technologies, cars are becoming increasingly more difficult to steal the old fashioned way. But hackers could bridge the gap and give thieves an easy way to steal modern vehicles. “Let’s say that I’m a hacker and I have access to your digital key,” Ashkenazi said. “If a car thief wants to steal your car they could connect to a service I offer, give me the VIN number of the car, and I could open it remotely.”
Even if a hacker were able to create a widespread disruption or attack using vehicles, it wouldn’t be the best way to turn a profit, Ashkenazi said. The moneymaking proposition here is to use the exploits to extort companies.
“If I have the capability to stop the car and do all sorts of damage then as hacker I probably won’t use it because the entire world would be after me – FBI and Interpol and the like,” he said. ”But I can demonstrate it to a car manufacturer and say, ‘If you don’t pay me this amount of money I’ll leak it out. The real danger in this situation is the hacker makes the money and the public will never hear about it.”