Nearly a year after the very public hacking of a Jeep that eventually led to the recall of more than 1.4 million Fiat Chrysler vehicles, federal law enforcement and vehicles safety officials are warning carmakers and owners that their vehicles are “increasingly vulnerable” to hackings.
The FBI, along with the National Highway Traffic Safety Administration, issued a safety bulletin on Thursday addressing concerns that vehicles are quickly becoming a target for hackers.
“The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles,” the agencies said in the bulletin.
Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience, the agencies say, noting that with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.
The bulletin was issued following an analysis that demonstrated researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities.
“While the identified vulnerabilities have been addressed, it is important that consumers and manufacturers are aware of the possible threats and how an attacker may seek to remotely exploit vulnerabilities in the future,” the bulletin states.
The FBI and NHTSA contend that while not all hacking incidents may result in a safety risk, it is important that vehicle owners take appropriate steps to minimize the risk.
According to the bulletin, criminals could exploit online vehicle software updates by sending fake “e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software.”
The bulletin offers several tips for car owners on how to minimize vehicle cybersecurity risks, including ensuring software is up to date, exercising discretion when connecting to third party devices, and being aware of who has physical access to their vehicles.
In the past year, there have been several cases in which vehicles have fallen victim to hackers.
In July 2015, security researchers Charlie Miller and Chris Valasek, hacked the Jeep while a Wired.com reporter was driving it, exploiting a flaw in Uconnect that gave them the entry point to wirelessly take control of the vehicle.
General Motors also found itself on the receiving end of hackings, when researchers claimed they were able to control any of the carmakers vehicles with OnStar. Additionally, hackers cut a Corvette’s brakes wirelessly to provide it could happen to just about any car with a computer in it.
Just last month, Nissan announced it would disable an app for its electric Leaf vehicle after researchers found a flaw that allowed someone to remotely control the car’s temperature.