The FBI and the US National Highway Traffic and Safety Administration (NHTSA) have issued warnings to US consumers about the risk of their internet-connected cars being hacked. The law enforcement agency says that connected cars are highly vulnerable to cyberattacks.
The NHTSA and the FBI have jointly issued a public service announcement meant to spread awareness among the general public about the "potential cybersecurity threats" involved in relation to connected cars.
The announcement stated: "While the identified vulnerabilities have been addressed, it is important that consumers and manufacturers are aware of the possible threats and how an attacker may seek to remotely exploit vulnerabilities in the future. Third party aftermarket devices with internet or cellular access plugged into diagnostics ports could also introduce wireless vulnerabilities."
In 2015, Fiat Chrysler recalled 1.4m cars in the US after security researchers uncovered that the cars' controls could be remotely accessed and controlled. BMW's ConnectedDrive feature also had a security vulnerability which was uncovered in February 2015, which could have left over two million consumers' cars vulnerable to being hacked.
The FBI, in its public service announcement has outlined the different kinds of remote access hacks that security researchers have tested and successfully implemented on connected cars so far. Security researchers were able to successfully shut down an engine, disable breaks and steering of a car running at speeds as low as 5-10 mph. In another case, security researchers were able to remotely control a car's door locks, turn signals, GPS and radio.
The public notice goes on to provide some helpful suggestions to consumers, to ensure that they remain aware and on alert for potential threats. The FBI has provided am alert number for the public to use to report cases of vehicle hacking. In addition, the American auto industry has set up an Information Sharing and Analysis Centre (ISAC) to provide law enforcement with relevant cybersecurity information in case of a threat.