NHSTA and FBI offer connected car owners advice to prevent hacking. Suggestions include updating software, checking for recall notices, avoiding malicious downloads, connections and contacting NHTSA. The bulletin also tells car owners what to do in the case that they think a connected car has been hacked.
We would also add that to avoid having your key fob code duplicated at crowded malls and large parking areas to lock the doors with the button on the door. We also suggest that you store the key fob in a Faraday bag or far away from your vehicle so that a signal magnifier can’t be uses. Also it is important that if use an app for remote starting or other features to make sure that app is up to date. The remote climate/charging app for the Nissan LEAF was cut off due to vulnerabilities.
Make sure that your vehicle software is up to date. If an automaker sends a notification that a software update is available, it is important that the consumer take appropriate steps to verify that is authentic it and then update the software
To prevent problems car owners should:
- Verify any recall notices.
- Check on the vehicle manufacturer’s website to identify whether any software updates have been issued by the manufacturer.
- Avoid downloading software from third-party websites or file-sharing platforms.
- Where necessary, always use a trusted USB or SD card storage device when downloading and installing software to a vehicle.
- Check with the vehicle dealer or manufacturer about performing vehicle software updates before updating the software yourself.
If don’t feel you can download the software correctly or the recall software mailed to you, call your dealer and make an appointment to have the work done by a trusted source.
Don’t Modify the Car Software
Making unauthorized modifications to vehicle software may not only impact the normal operation of your vehicle, but it may introduce new vulnerabilities that could be exploited by an attacker. Such modifications may also impact the way in which authorized software updates can be installed on the vehicle.
Be Careful When Using Outside Devics
OBD-ll devices used by technicians, for telematics and insurance should only be from a trusted source.
While in the past accessing automotive systems through this OBD-II port would typically require an attacker to be physically present in the vehicle, it may be possible for an attacker to indirectly connect to the vehicle by exploiting vulnerabilities in these aftermarket devices. Vehicle owners should check with the security and privacy policies of the third-party device manufacturers and service providers, and they should not connect any unknown or un-trusted devices to the OBD-II port.
Keep Your Car Out of Sight out of Touch
In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle.
In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle.
Check for Recalls
It is important that you check to identify whether there are any outstanding recalls related to your vehicle. You may also check via NHTSA tools or on the manufacturer’s website to determine whether there are any software updates that may need to be applied.
If Something Seems Hacked Contact Vehicle Maker
To diagnose whether any anomalous vehicle behavior might be attributable to a vehicle hacking attempt. Contact your vehicle manufacturer or authorized dealer and provide them with a description of the problem so that they can work with you to resolve any potential cyber security concerns.
Report Hacks to NHTSA & FBI
In addition to contacting the manufacturer or authorized dealer, please report suspected hacking attempts and perceived anomalous vehicle behavior that could result in safety concerns to NHTSA by filing a Vehicle Safety Complaint and report it to your local FBI office.