4 simple ways to secure your Internet-connected car

Cars with systems that connect to the Internet are potentially vulnerable to intrusions by hackers. Here are four steps to help protect your automobile without spending a dime.

Chances are you heard about the pair of clever guys who earlier this year hacked into a Jeep Cherokee's onboard system over the Internet and turned off the engine while the car was on the highway. Although the hack was a controlled demonstration, it proved that such actions are possible, and that scared a lot of people.

arxan connected car hack Arxan Technologies

Click for full size connected car security infographic

Here's the good news: No evidence exists that anyone has duplicated the exploit in the real world. The incident was also a wakeup call for automakers that are rapidly adding Internet-connected features to cars. Hacking into an automobile is quite difficult, as well, and likely beyond the capabilities of your average numbskull.

That's not to say these kinds of attacks won't ever happen, and a few simple safeguards can make your connected car a lot more secure — and they won't cost you a penny.

4 steps to protect your connected car

I recently spoke to a security expert who has dedicated a good amount of thought to the issue. Matt Clemens is a security solutions architect with Arxan Technologies, a company that specializes in helping software developers protect their code from hackers.

"The Jeep hack was a game-changing event," according to Clemens. Few people had given that sort of attack much thought, but the auto industry is now taking it very seriously, he says. Chrysler, for example, hadn't adequately protected a website that contained source code for some of its devices. The "white hat" hackers broke into the site, stole the code, reverse engineered it, and used it to take over the Jeep Cherokee.

Chrysler fixed that problem, and other auto and component makers subsequently took similar steps, according to Clemens.

To help avoid any problems in the future, Clemens suggests all connected car owners follow these four steps.

  • Contact a car dealer, or your mechanic, and make sure the car's software is up to date. If you do not have the latest software version, update it immediately. In the future, you'll likely be able to download such updates automatically, but most cars don't offer this option quite yet.
  • Don't "jailbreak" the software in your car or on the devices that connect to it. (Jailbreaking removes manufacturer security protections to enable advanced features.) Doing so voids the warranty, and could open the door to hacks.
  • Don't plug random devices into the car's USB ports or OBD2 diagnostic port. (The later is located under the dashboard and is used by mechanics to check the engine and other systems on cars built since the late 1990s.) Clemens says you should avoid devices like the dongles supplied by Progressive and other auto insurance companies, which use the Internet to broadcast data on your driving habits.
  • If you want to use a connected-car device or app, do some research, or ask the manufacturer, if it has been hardened before using it. If not, think twice about the risks versus benefits.

Clemens wasn't trying to convince me (or you) to buy anything, so I take him seriously. We live in a world that's packed with foolish, often dangerous, people and we all use increasingly complex devices we don't really understand. It's not hard to imagine someone successfully hacking automobiles in the future, and it's not a bad idea to start thinking about connected car security today.

Join the CSO newsletter!

Error: Please check your email address.

More about CherokeeClick

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bill Snyder

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place