July is the worst month of the year for stolen vehicles, and security experts say that the risks involved in auto theft are changing. As autos have gotten “smarter” in recent years thanks to the increasing use of onboard computers, they have become a target for tech-savvy criminals who can use new digital tools to access your vehicle.
While taking off with a car whose owner left the keys in the ignition is still the most common type of auto theft, there have been reports in recent years of criminals using “mystery boxes,” devices that can exploit a key fob-based electronic system and unlock a vehicle and its trunk without having an actual key, or using just a laptop to enter and drive off with a stolen vehicle.
In a highly publicized stunt last summer, hackers were able to take control of a Jeep Cherokee remotely and access its steering, brakes and transmission, all while someone else was driving the car. While there haven’t been any known instances of hackers pulling off that type of event in order to steal a car, the event proved that it can be done.
“Our vehicles are becoming computers, and if it’s a computer, it can be hacked,” says D.J. Thompson, senior director of law enforcement of LoJack. Just as cyber-criminals are now locking consumers out of their computers and demanding ransom to restore access, they may soon be able to do the same thing with your car, he says.
“The auto manufacturers are aware of the risk,” says Frank Scafidi, director of public affairs for the National Insurance Crime Bureau. “It’s a race between how much convenience and functionality they can deliver to their customers via wireless connectivity versus how much we can insulate them from the risk.”
The danger grows as more connected cars hit the road, and this spring the FBI issued a public service announcement warning consumers of the growing cyber security threat to vehicles. This year, 133 vehicle models come with a standard connection to the internet, according to LoJack. Research firm Gartner predicts that there will be a quarter billion connected vehicles on the road by 2020, making up 20 percent of all cars.
Experts offer the following tips to keep your car (and your data) safe from criminals:
* Never leave your keys or valuables in the car. This low-tech approach will prevent the most common form of auto theft. “The first layer of prevention is common sense,” says Steve Hall, a first sergeant with the Virginia State Police’s Help Eliminate Auto Theft program. “Do what you need to do to protect your property.”
* Update your operating system. If your car manufacturer updates the software for your car, download it right away. If car companies learn of a weak spot in their operating system, they’ll provide a patch to address it through a software update.
Register with your manufacturer for alerts on updates or any recalls related to the security of the car. You can also enter your car’s VIN number into NHTSA’s recall database to see if there are any outstanding recalls.
If your car requires a password, choose a strong, unique one and change it frequently.
* Never store your home address in your GPS. If a criminal steals your car, it’s easy for him to select “home,” drive there, and use your garage door opener to let himself into your house. “They know you’re not home, because they just stole your car from somewhere else while you were out,” Thompson says.
* Consider having your VIN etched into your windshield. Today’s thieves can now create a fake VIN and matching documents. If you engrave your actual VIN into your windshield, the thieves have to replace that making it a lot more expensive. Some police departments will do this for you for free. Bonus: Some insurers will offer a discount to car owners who do this.
* Be careful about which devices you connect to your car. Any time you use a third-party device such as a phone or tablet, you’re creating a new access point for a criminal to access your data or the car’s operating system. Devices such as an insurance dongle that connect to the diagnostic port used by mechanics are particularly dangerous, since they provide direct access to the vehicle’s operating system. Before attaching anything to your car’s diagnostic port, read carefully through the privacy and security policies of both the provider and the manufacturer of the device.