Today’s cars are equipped with a wide range of options and devices to make driving easier and provide the driver with as much information as possible. The increasing level of technology in cars on the market not only makes life easier for users, but also opens the way for cyber attackers to attempt to steal data exchanged between control units. Access to this data makes it possible to modify, replicate or block it, causing major problems such as brake failure or even remote control of the car. From this it is easy to see that the consequences of a cyber attack on a car are far more serious than a blocked app or a malfunctioning operating system, as they directly affect the health of the driver and unsuspecting passengers. Of course, there is also a risk to privacy, most directly from radios with built-in phonebooks, but also from navigation systems, from which it is really easy to trace movements and consequently to learn the habits, addresses and acquaintances of the user.

The first was a Jeep Cherokee, in which two hackers managed to gain control of various devices such as the windscreen wipers, climate control and radio, and of the vehicle itself, through the Uconnect infotainment system installed in the car. Another example, a few months after the first, concerns General Motors, where a hacker managed to unlock some vehicles by exploiting the OnStar system, which allows the owner to unlock the car and start it via an app. New cars equipped with Android-based in-vehicle infotainment have also been considered at risk after malware that can access services such as in-car microphones, parking cameras and GPS location was detected in some apps downloaded from sources outside the official market.

The reasons that drive an attacker to hack into a car may, however, go beyond merely harming the driver. The purpose may instead be to obtain and study the driver's personal data, with a view to very detailed profiling: because drivers have different driving styles, it is possible to identify the driver, for instance in order to target insurance-related marketing campaigns.

Marco Serico