FBI says car hacking is a real risk

Security researchers have shown they can take over steering and disable the brakes of moving vehicles.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read
Enlarge Image

Fiat Chrysler recalled 1.4 million vehicles last year due to a bug in its Uconnect software.

Antuan Goodwin/CNET

If you're not already worried about your car being hacked, you really should be, the US government says.

Connected cars are becoming "increasingly vulnerable" to cyberattack, according to an advisory issued Thursday by the FBI and the US National Highway Traffic Safety Administration.

They are just two of the latest organizations to voice their concern about software vulnerabilities in cars, which first came to light in 2013. These concerns are not unfounded.

New cars that go on sale are increasingly connected to the Internet and mobile devices, with features such as being able to use your phone to remotely start a car or get engine diagnostics. These features are meant to add convenience for drivers, but they also give hackers more opportunities to take control of vehicle systems.

Last year, Fiat Chrysler was forced to recall 1.4 million cars when it was discovered their remote controls could be hacked into. In the last few months, General Motors and BMW have issued important security updates for some of their cars.

In its public service announcement, the FBI outlined the kinds of hacks security researchers have been able to perform. In a target vehicle traveling at low speeds (5-10 mph), researchers were able to shutdown an engine as well as disable brakes and steering. In a target vehicle traveling at any speed, they were able to control door locks, radio, GPS and the turn signals.

"Although vulnerabilities may not always result in an attacker being able to access all parts of the system, the safety risk to consumers could increase significantly if the access involves the ability to manipulate critical vehicle control systems," reads the advisory.

While identified vulnerabilities "have been addressed," the FBI suggests you stay on your guard nevertheless. To keep your car safe, it recommends taking the following precautions:

    • Try to stay aware of the latest recall notices affecting cars
    • Ensure vehicle software is up to date
    • Be careful when making any modifications to the car's software
    • Exercise discretion when connecting third-party devices, like smartphones or tablets, to your car
    • Stay in control on who has physical access to your vehicle