Imagine your car has just been stolen. It’s brand new and you’ve barely made your third payment. You held onto that old Taurus until the fenders almost rusted off, got pre-approved credit at the bank and just bought the newest model that included all the bells and whistles. Now it’s gone, but here’s the final insult that makes you feel just that much more helpless: Your car is still in the driveway. It’s called ransomware and it looks to be the future of car theft.
To start off with, Ransomware is like a virus that can be covertly installed traditionally on computers without knowledge or intention of the user and when activated it restricts access to the infected computer system in some way (normally you can’t access your data), and demands that the user pay a ransom to the hacker to remove these restrictions. Ransomware has actually been in the news recently, mostly for high profile cases involving large institutions. For example, a Los Angeles hospital had to pay $17,000 US in Bitcoins (which is an untraceable digital currency) so that hackers who had disabled their computer system would give the hospital the decryption key to get back access to their data.
Most of today’s modern cars are controlled and maintained by computers and computer programs. Many are even now internet-connected. Sometimes when your vehicle is called in for service it is for necessary software updates and therefore those updates are applied by your mechanic plugging in a USB device to your vehicle and uploading the updated software to your vehicle’s computer. If the updated software or the USB device is compromised in any way with a virus or Ransomware, and I’ve come across several real-life examples so far where this is the case, then that innocuous visit to the mechanic now becomes a hack attack on your vehicle. This type of malware will actually render the vehicle unusable with a message on the display saying ‘if you pay us the money, we’ll release the car’.” I’ve even come across a case of an entire fleet of vehicles disabled by ransomware.
With that in mind, cars are now becoming Wi-Fi enabled, which means lots of interesting things can get pushed to you vehicle’s on-board computers. Software updates by manufactures can now be pushed over the vehicle’s Wi-Fi, instead of through a physically connected USB device which opens up a much more dangerous way to infect a car with malware. Not only that but based on my research, vehicles are now becoming equipped as point of sale devices where you can actually load your credit card information into the vehicle to make wireless or contactless payments – some examples manufactures are trying this out with is wireless payment at the pumps. This method of payment poses a tremendous risk to vehicle hacking not to mention theft of your sensitive data. Keep in mind too that a lot of the big malicious malware hacks in the past couple of years have been at point of sale devices. Target and Home Depot are just a few to mention.
If anyone is in the market for a connected car, I’d be very careful and ask a lot of computer/security-related questions before you purchase. Vehicles these days are powerful computers that monitor and control every aspect of driving experience. Having all the bells and whistles before everyone else might not be a good thing.