On Monday, the European Union Agency for Law Enforcement Cooperation halted a hacking attack which targeted vehicles with keyless entry. The hackers had managed to replace the software of the cars pretending to install an automotive diagnostic solution, and they were thus able to unlock the cars, start the engine and drive away. Europol eventually busted the attack, and seized over a million dollars in criminal assets.
Do keyless cars make the job of hackers easier?
Experts claim that keyless cars are easier to hack than traditional ones are, as physical access to a key is not required. Moreover, this type of cars are usually more technology-dependent, and are thus easier to be controlled remotely by hackers. Considering that internet-connected and autonomous vehicles are progressively gaining more and more popularity among consumers, the threats that such cyber attacks pose are likely to increase in the future. Paradoxically, during the 1990s and the early 2000s, keyless entry systems had actually helped to reduce cars thefts because criminals were not yet used to such technologies, but now that they are, technological progress has tragically made their lives much easier (in fact, the ratio of car thefts to total cars has steadily increased over the last 15 years). Recently, researchers have demonstrated how effortlessly one can remotely hack cars and start their engines; in particular the experiments regarded Jeep, Tesla, and Honda cars.
Where are we going from here?
In Europe, legislators have pushed for enhancing cybersecurity rules for vehicles much more than it has been done in the United States, especially because of a lack of financial incentives to prevent such attacks (in fact, the measures required to tackle cyber attacks are generally significantly expensive, and car thefts are typically more of a problem for consumers and insurance companies than they are for car companies themselves).
Surely, harmonizing regulations among countries would help to create a sensible landscape of rules prioritizing the best security measures, and it would also make it easier for companies to implement these security actions.
Author: Giulio Caputi
B.Cyber 
Leave a Reply