The FBI is warning consumers that modern motor vehicles are increasingly vulnerable to remote exploits and hacking attempts.
On Thursday, the Internet Crime Complaint Center (IC3) issued an alert warning consumers about the security threats associated with modern motor vehicles and the need to mitigate these risks on an ongoing basis.
The IC3 bulletin also provides a URL which links to a public service announcement.
In that PSA, the Federal Bureau of Investigations (FBI) explains how most modern motor vehicles contain a number of electronic control units (ECUs), computer systems that help monitor and operate a vehicle’s steering, entertainment systems, braking, and other functions.
It is these connections, not to mention wireless capabilities and diagnostic ports, though which an attacker could seek to gain unauthorized access to a vehicle and disrupt its functionality.
“Vulnerabilities may exist within a vehicle’s wireless communication functions, within a mobile device – such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi – or within a third-party device connected through a vehicle diagnostic port,” the FBI observes. “In these cases, it may be possible for an attacker to remotely exploit these vulnerabilities and gain access to the vehicle’s controller network or to data stored on the vehicle. Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems.”
This statement in part responds to a discovery made by security researchers Chris Valasek and Charlie Miller last year.
By exploiting a vulnerability in the Uconnect cellular connection of a 2014 Chrysler Jeep, the duo demonstrated that an attacker could potentially leverage that hack to gain access to the vehicle’s physical components, including its brakes and engine.
Chrysler has since issued a recall of its vehicles affected by the hack. Shortly thereafter, three jeep owners filed a class-action lawsuit against Chrysler for the Uconnect vulnerability.
To address the threat of remote exploits, the FBI urges consumers to check their vehicles VINs twice a year for recalls here. They also warn about the importance of keeping all vehicle software up-to-date and of exercising caution when connecting third-party devices to a vehicle.
For more information on how consumers can mitigate the risks facing modern motor vehicles, please read the FBI’s announcement in full here.