FBI warns vehicles are ‘increasingly vulnerable’ to cyber attacks

The FBI has warned that modern vehicles are becoming “increasingly vulnerable” to cyber attacks and warned that the safety of plug-in telematics devices is paramount.

In a public service announcement released last week, the FBI and National Highway Traffic Safety Administration  (NHTSA) in the United States, warned that drivers need to be wary of cyber threats.

“Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience,” the PSA notes.

“Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.

Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”

The announcement follows news last year that hackers had infiltrated and taken control of a car whilst driving on the freeway in an experiment for technology site Wired.

The FBI acknowledged that this amount of control remains the biggest threat to vehicle owners but other issues are still prevalent.

“Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems,” the announcement continued.

The security and safety of plug-in telematics devices, which use the cars OBD-II slot under the dashboard, were also mentioned for monitoring as Progressive suffered a hack of their device last year.

“More recently, there has been a significant increase in the availability of third-party devices that can be plugged directly into the diagnostic port,” the PSA states.

“These devices, which may be designed independent of the vehicle manufacturer, include insurance dongles and other telematics and vehicle monitoring tools. The security of these devices is important as it can provide an attacker with a means of accessing vehicle systems and driver data remotely.

“Vehicle owners should check with the security and privacy policies of the third-party device manufacturers and service providers, and they should not connect any unknown or un-trusted devices to the OBD-II port.”