Robbed Cars, Electronic Traps--The Dawn of the Vehicle Hacking Era (2014)

Robbed Cars, Electronic Traps--The Dawn of the Vehicle Hacking Era (2014)

A shocking story reported that a device costing only 12 pounds (about 2,000 Japanese yen at the time) can remotely control a modern car. The device could reportedly be used to control a car's headlights, door locks, and even the steering wheel and brakes from the outside, highlighting a fundamental concern about vehicle security.

Modern vehicles are equipped with several small computers called ECUs (electronic control units), which are connected by a communication network called the CAN bus (Controller Area Network). This network controls all functions such as braking, steering, and lighting, and an intrusion into it could result in the entire vehicle being taken over. Of particular interest is an attack through the OBD-II port, a diagnostic terminal for maintenance. If a retrofitted device with wireless capabilities is connected to this port, it is possible for a hacker to send commands to the car's central system over the Internet.

Indeed, in 2015, US security researchers Charlie Miller and Chris Valasek proved that they could take advantage of a vulnerability in Fiat Chrysler's Jeep Cherokee's Uconnect in-car infotainment system to remotely control the vehicle while driving. The incident sparked massive public concern and led Fiat Chrysler to recall more than 1.4 million vehicles. Additionally, in 2016, China's Keen Security Lab successfully conducted a remote intrusion into a Tesla Model S, demonstrating door locking and braking from 20 kilometers away. Tesla responded immediately and addressed this with a software update.

In recent years, a so-called "headlight hacking" technique has also emerged. This involves removing the headlight unit of the car and physically accessing the CAN bus from there to unlock the vehicle or start the engine. There have actually been reports of thefts of luxury cars using this method, and the importance of physical hardware protection is being reaffirmed.

The first step that vehicle users can take in response to this situation is to regularly apply software updates provided by the manufacturer and to keep up with vulnerabilities. They should also be cautious about using third-party devices that connect to the OBD-II port, especially those that use Bluetooth or Wi-Fi communication. In addition, physical protection should be reinforced with conventional security devices such as steering locks.

As cars have become "running computers," digital security awareness is no longer limited to the IT industry. The time has come for everyone who owns and drives a car to have basic knowledge and attention to cyber risks.