Lock Down Your Car From Hackers

Making a dinner reservation or buying movie tickets from your car's dashboard sounds fun. But connecting your car to the Internet is something to approach carefully.

Cloud-connected cars won't be secure for another three years, according to manufacturers surveyed by research firm IDC and Veracode, a Boston-based cybersecurity firm which puts the connected car market at $140.3 billion. Still, even that's an optimistic assessment. Why?

"Because the parts are sourced from lots of different vendors," says Chris Wysopal, Veracode's chief technical officer and co-founder. Different vendors may follow different security protocols, so if one vendor's security system is weaker than another's, the car as a whole is only as strong as its weakest link once the systems are linked together.

Hackers can already stop a connected car in its tracks. That was demonstrated at last year's White Hat convention, DEF CON, and on CBS's news show 60 Minutes. Symptoms of a cyber-takeover are "sudden changes in the climate controls of the car, lost control of the windshield wipers, unlocking or locking of car doors," says Sergey Lozhkin, senior security researcher at Kaspersky Lab, a Moscow-based security firm.

How to prevent a hacking disaster and secure your connected car? Let's take a look.

Education

One way is to educate car passengers about the risk. Rogue programs on a smartphone in the car could give hackers a way into your vehicle, says Martin Hunt, automotive industry practice lead at BT Global Services.

"You've got a situation where kids in the back of the car use their smartphones and access the Internet over the car," he says. "The problem that creates is 'What have the kids got on their smartphones?'"

Update patches

Another strategy is to install software patches as soon as they are available. Tesla, widely held to be the leader in the field of automobiles with cloud connectivity, issues emergency software patches that it sends out immediately. "The security team constantly reviews and identifies new methods to defend our systems and protect our customers," Tesla spokeswoman Alexis Georgeson says in an email.

Tesla, at present, is the only manufacturer to upgrade over the air from a home Wi-Fi system, says BT's Hunt. But he adds that there is a "natural air gap at the moment between the car and the house," meaning malware in your cloud-connected car is unlikely to infect your home's smart devices, and vice versa.

Ask questions

Another preparedness strategy is to get a sense of how seriously the manufacturer takes security when you are shopping for a cloud-connected car.

"Just ask the salesperson and if they have an answer and can direct you to some material," advises Bryan Fite, global innovation product manager for BT Assure, who calls cloud-connected cars "the Internet of Dangerous Things." "Bad news will be if they blink at you and ask, 'What are you talking about?'" he says. Read the small print and find out who is accountable if something goes wrong, says Fite.

Wait

Most of all, be very wary about upgrading your 20-year-old car to "this world of vulnerability they were never prepared for," says Konstantinos Karagiannis, chief technology officer for BT America's Security Consulting Practice. Devices now on the market, like AT&T's ZTE Mobley, advertise that they can provide Wi-Fi capability to cars manufactured as early as 1996. "The best idea would be to not have everything infinitely trusting everything else until there's some kind of cohesive system."