Car Hacking Safety Tips From the FBI and DOT

2015 Jeep Cherokee — Image used with permission by copyright holder

The proliferation of computer-controlled systems and connectivity features in modern cars means they are almost like rolling smartphones. And like smartphones, that means they may be vulnerable to hacking. Demonstrations by security researchers, including highly publicized hack of a Jeep Cherokee last year, have made “car hacking” a major concern.

The issue is now on the government’s radar. The FBI and Department of Transportation (DOT) recently published a list of car hacking safety tips, with basic information about how to prevent hacks, and what do if you suspect your vehicle may be vulnerable.

Recommended Videos

Cars have become increasingly susceptible to hacking as automakers add connectivity features that make wireless access to a vehicle’s systems easier, and blur the line between controls for secondary functions like climate control or navigation, and mechanical components like the brakes and throttle. Manufacturers try to limit these interactions, but increasingly-complex systems give hackers more opportunities to breach security features.

It all comes down to software, so protecting your vehicle can be a lot like protecting your phone or computer. The FBI and DOT advise owners to ensure their vehicle software is up to date and any security updates have been downloaded. But be wary of fake emails containing “security updates” that may actually give hackers access to a vehicle, the agencies say. Always verify recall notices, never download software from a third-party website and, when in doubt, get the dealer to perform updates.

Vehicle owners should also be wary of any third-party software, the agencies say. Aftermarket software is often used to increase the performance of engines and for other tuning tricks, and there are now a host of devices designed to plug into a car’s diagnostic port (called an OBD II port) to monitor performance or send data to insurance companies. Every time third-party software interfaces with a vehicle, it presents an opportunity for a systems breach, the FBI and DOT note.

And just as you wouldn’t leave your computer or phone unlocked around strangers, it’s not a good idea to give them access to your car. Physical access makes it much easier for hackers to tamper with a car’s systems, and it’s not like making it easy for people you don’t trust to have access to your car was ever a good idea in the first place.

The prescription for dealing with a potentially hacked vehicle actually isn’t too different from mechanical defects or malfunctions. The government recommends first checking if there are any outstanding recalls or software updates, and then contacting the manufacturer or a dealer to diagnose any unresolved problems.

Owners can also file a complaint with the National Highway Traffic Safety Administration, which is in charge of recalls, or the FBI, or contact an FBI field office directly.

Editors’ Recommendations