Can Hackers Use Bluetooth to Boost Your Ride?

By Catherine Powell

Image courtesy Pixabay

Modern automobiles are more like computers with four wheels and an engine than motor vehicles these days.  Everything from the way we operate them to the way they're serviced seems more like mission control than old fashioned auto mechanics.  While all this technology has given vehicles the ability to do things we could only dream about in decades gone by, it has also opened the door to hackers and car thieves like never before.  While I pointed out in previous blogs how hackers can crack keyless entry systems and use trackers to steal your vehicle, recent advances in black hat hacking technology has made boosting your ride as simple as point and click.  Before you head out to the office or the store only to discover your vehicle is missing, I want to share some of the latest examples of high tech auto theft that can prove to be a menace to you.

Web Gone Wild?

Back in 2021, several creators on TikTok showed viewers how to turn Grand Theft Auto from a game into the real deal when they demonstrated how easy it was to steal certain models of Kia and Hyundai automobiles.  As a result, thefts of Kia and Hyundai's went through the roof in the past two years.  Not only did this cause owners of affected vehicles to have to take their vehicles to the dealer to remedy the security lapse that started the craze, but many of those same owners had their insurance premiums increased when it came time to renew their policies.  Bear in mind while Kia and Hyundai hacks have proven newsworthy as of late, other makes that have been hacked in the past include Audi, BMW, Ferrari, Ford, Honda, Infiniti, Jaguar, Jeep, Land-Rover, Mercedes Benz, Nissan, Porsche, Rolls Royce, and Toyota.

It doesn't take a computer scientist to hack a vehicle.  All it takes is off-the-shelf software or hardware and a how-to video, all of which is available on the dark web.  One way to help thwart such hacks is to install a low-tech steering wheel lock.  While it won't prevent thieves from breaking into your vehicle, it will make it impossible to drive it away. 

Image courtesy Pixabay

Are you blue? You will be if hackers use Bluejacking or Bluebugging to compromise the security of your vehicle.  Hackers nowadays can use wireless technology do everything from listening into your conversations to hijacking your text messages to remotely unlocking and starting your car.  Sophisticated software such as Bluesniffers and hardware including Bluescanners have been developed over the past few years by cyber criminals looking to use Bluetooth technology to infiltrate the electronics on late model vehicles.  Hackers can use Bluetooth to reprogram your vehicle so your vehicle will no longer recognize your key fob which will render you unable to enter or start it. A hacker can use Bluetooth to track your location or disable your car's brakes or steering.  What's even worse is that once hacked, your automobile can in turn infect every device connected to it via Bluetooth.  This means any malware delivered to your vehicle can jump onto your smartphone as soon as it connects wirelessly. What can you do to stop getting blue:  

1. Instead of using your key fob to lock your vehicle, do it manually. This way thieves can't sniff out your key fob's signal.
2. Be careful who you let inside your ride.  If your passenger has nefarious intentions, or if your friend's smartphone has been compromised, your vehicle could be hacked by what's known as a drive-by download.
3. Avoid plugging MP3 devices into your dashboard.  If the device has been hacked, it's a perfect way for criminals to deliver a payload to your car.
4. Check with your vehicle's manufacturer to see if any new software updates are available for your make and model.
5. Make sure every device connected to your vehicle has up to date malware/antivirus software.
6. Turn Wifi and Bluetooth off.
7. Store your key fob in a metal box when not in use.
8. Be careful which apps you load onto your smartphone or your car's in-dash system.
9. Have a V2V (vehicle-to-vehicle) and V2X (vehicle-to-everything) firewall installed in your automobile. 
10. Keep abreast of vehicle recalls.  If your dealer sends you a notice for a free update, don't delay in scheduling a service call.

Image courtesy Pixabay

Time to take your vehicle in for maintenance? One of the best ways to gain access to your vehicle is via its computerized vehicle diagnostic system.  Who needs Bluetooth when a mechanic can jack directly into your car's on-board diagnostic dongle, CAN bus, or audio port?  Once plugged into your vehicle, hackers can have a field day implanting malware that can later be used to steal information from anything wirelessly connected to it or to steal your car outright.  Even if the shop you take your car to for service isn't in on the scam, an enterprising mechanic/hacker can easily augment his income by hacking vehicles he's assigned to work on. 

How do you know if your car has been hacked?  There are a number of subtle and not so subtle signs that a vehicle has been compromised by hackers:

1. Does the volume on your car radio seem to increase or decrease on its own?
2.  Is your car's AC system acting up by making it too hot or cold inside the cabin?
3.  Is the time on your dashboard clock incorrect?
4. Do you have to apply more force than necessary on the brake or accelerator pedals to stop or go?
5. Does the steering seem to be acting a bit erratic?
6. Has your car's GPS system ever changed your destination without any input from you? 
7. Ever had trouble locking or unlocking your vehicle?
8. Have your windshield wipers turned on or off on their own?
9. Do your dashboard lights seem to be behaving oddly?

Can your car be held for ransom?  As of the publication of this blog, there has yet to be a driver who has reported their vehicle being disabled by ransomware.  That's the good news.  The bad news is that auto industry pundits and cyber security experts warn that it's just a matter of time before ransomware makes its way into automobiles. A 2021 blog by Car & Driver reported:

Michael Dick, CEO of C2A Security, an Israel-based automotive cybersecurity company, told the Free Press he expects the current trend of hackers holding digital data on computers for ransom to move to cars at some point. When this happens, drivers will not be able to start their vehicle until they pay off the hacker or suffer the consequences. "There's no way around it," he said. "You'll have to get it towed and get all new software to start it."

What else can you do to protect your vehicle from hackers? Aside from taking vehicular cyber security more seriously, you can install everything from a wheel lock or ignition kill switch, to a GPS tracking system that will enable you to tell the police where to find your car if it is stolen.  If one thing is certain, it's that hi-tech grand theft auto is nothing to play around with.

Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida.  To find out more about saving money on all your insurance needs, check out her website at http://aplusallfloridainsuranceinc.com/