The recent discovery of a critical flaw in an unnamed carmaker’s dealership portal is a stark reminder of a growing threat: car hacking. While this particular vulnerability could have let a hacker access sensitive customer data and even remotely control vehicles through a simple admin account, it’s just one of many ways modern cars are being targeted.
Today’s vehicles are essentially computers on wheels, filled with dozens of electronic control units (ECUs) and interconnected networks. This “internet of cars” provides convenience but also introduces a massive attack surface for cybercriminals.
Beyond the Dealership Portal: Other Forms of Car Hacking
The security flaw found by researcher Eaton Zveare is a powerful example of an indirect remote attack—using a compromised back-end system to manipulate vehicles. But hackers have many other entry points:
- Wireless and Remote Attacks: This is the most common type of car hacking.
- Infotainment and Telematics Systems: Much like the famous 2015 Jeep Cherokee hack by security researchers Charlie Miller and Chris Valasek, vulnerabilities in a car’s infotainment system or its built-in cellular network (telematics) can be exploited to gain access to critical vehicle functions. In the Jeep incident, the hackers were able to remotely control the steering, brakes, and transmission, leading to a recall of 1.4 million vehicles.
- Key Fobs: Attackers use “relay attacks” to amplify the signal from a key fob inside a home to a car parked outside. This tricks the car into thinking the key is nearby, allowing thieves to unlock and start the engine.
- Physical and Short-Range Attacks: These require a hacker to be in close proximity to the vehicle or have physical access.
- OBD-II Port: The Onboard Diagnostics port, which mechanics use to diagnose engine issues, is a direct gateway to the car’s internal network (CAN bus). A hacker with physical access can plug in a malicious device to inject commands or install malware.
- Bluetooth and Wi-Fi: Poorly secured Bluetooth or Wi-Fi connections can be used to connect to a car’s network and take control of various systems.
The Consequences: From Data Theft to Fatal Crashes
The risks of car hacking are not just hypothetical. They pose a threat to both personal security and physical safety:
- Data and Privacy Breaches: As seen with the dealership portal flaw, hackers can steal customer information, including names, addresses, and financial data.
- Vehicle Theft: Hackers can use key fob exploits or gain remote access to disable security features and start the engine, making car theft easier.
- Safety Risks: The most dangerous attacks involve taking control of critical systems like braking, acceleration, or steering, which could lead to a catastrophic crash.
As cars become more autonomous and connected, the automotive industry faces a huge challenge. While automakers are investing more in cybersecurity, the interconnectedness of their systems—from dealership software to third-party APIs and over-the-air updates—creates a vast and complex attack surface. It’s a race against time to secure these vulnerabilities before malicious actors can exploit them.