Criminal Overlap: The Hacking Theft of Cars
The US National Insurance Crime Bureau (NICB) has recently released a report which describes a sharp uptick in cars being hacked and then stolen.
The NICBâ€™s President Roger Morris went as far as to state that â€œWe think it is becoming the new way of stealing carsâ€.
While car thefts using hacks are just gaining traction, the underlying issue is much older: As more and more systems become controlled by computers (â€œsmartâ€), they need reliable update mechanisms to ensure their security.
Many devices such as smart appliances, smart meters and cars among others are not capable of automatic updates and thus expose a large attack surface.
For example, once attackers find a way to replicate contactless car-keys, there is no way for the car company to update the cars and keys to a more secure implementation short of physically re-fitting all affected cars at a mechanic.
In the case of older cars, this often means replacing the hardware controlling the car locks and ignition, leading to a significant cost and time required for the upgrade. This disincentives the carmakers to publicize any discovered vulnerabilities and drivers to bring in their cars for a lengthy upgrade.
As cars are equipped with board computers and auto-pilots, this class of issues is going to increase in prevalence until car manufacturers establish clear policies and upgrade mechanisms to address cyber threats.
Since virtually every industry moves towards smart components, hackers will find more and more overlap with traditional crime as this case of cyber car thefts exemplifies.
We urge any organization to consider the potential impact of a hack when adding smart devices to their infrastructure. Smart devices must be updatable and well supported by their manufacturer or they will eventually end up as a security liability.