So Ya Bought the Car: Part II

Get to Know Scott Augenbaum


Congratulations on your new purchase. A new vehicle is always fun and exciting. After all the research that went into this expensive new purchase, it goes without saying that the last thing you’re probably thinking of is cybersecurity. I’ve already told you how to best handle business transactions like these (create a separate email for spam), but what happens once you’ve driven off the lot? Are you safe?

Technology is changing at a rapid pace, and so is the automotive industry. 

I recently purchased a new car, and boy was it different than my older model vehicle. Many companies have their own app, so you can see everything that’s going on with it- inside and under the hood. The dealer told me all of the great things I could do, such as lock/unlock the car, start the car remotely and see where the car is at all times- with a quick swipe of my phone.  Now I’m an information security guy at heart; however, in this case the convenience factor came into play. After driving an old car for many years, I just had to see what this technology could do for me.

I downloaded the app and the first thing I noticed was that there was no multi-factor authentication set up. However, it did ask me to create a four digit PIN number. This way, if the bad guys steal my username and password they will need that four digit PIN that nobody would ever guess. So how do you come up with a secure four-digit PIN? I recently read an article that said most people use one of these 20 four-digit PIN numbers. I made sure mine wasn’t one of these, and continued on.

Even with my warning lights flashing internally, I pushed forward and entered my username, which was my email address, and used a seperate password that I never used for anything else. I also made sure the password was at least 15 characters in length. 

Just remember- under no circumstances should the password for your email be the same password for any application.  

TA-DA! I now have this cool app to my new car.  Last night I was able to make sure the doors were locked just by pushing a button. When it gets cold, I will be able to remote start my car. When my kid borrows the car, I can just pull up the app and see where the car is located (pretty nice feature if you ask me). I have to accept that I now have little to zero privacy, since the location services provide information to the car manufacturer- and who knows who could have access to this information. For the most part,  I’m okay with that. Are you?

So here’s the worst case scenario. If the bad guys steal my username and password for my email account (via phishing, keystroke logger or data breach) they will see by looking through my emails that I have this app. The car manufacturer regularly sends me an email to provide me updates. The bad guys are going to bank on the fact that 60% of the population is using the same username and password for their email, as they do for multiple accounts. When the bad guy is challenged with the four-digit PIN, he has a one in four chance that I’m using one of those 20 PINs. If he gets it correct- he could see a lot of sensitive information about me and my whereabouts. I have to stop myself from going down this rabbit hole of bad things regarding technology.  Even though I’ve seen thousands of cybercrime cases, I never actually dealt with anything like this. I don’t want to turn into “that guy” who thinks everything is bad and evil. 

However, this is all new. Cybercriminals seek new ways to find victims daily, and they use what is new and popular to gain access. 

I should have quit while I was ahead because I discovered an article on keyfob cloning on the Tesla. This allows the bad guys to clone the frequency on the keyfob, and steal the car without ever touching a key. I may not have a Tesla, but the security issue remains the same. This is a technical attack- and we are totally at the mercy of the car manufacturers to create products that are safe to use. 

Whether it’s through an app, or the actual key itself- this might be the next big cybersecurity issue. And a dangerous one at that. 

So before you drive off the lot with a new tech-saavy ride, just think about how much technology is dependant on the operation of the vehicle. What are your thoughts on it? A help, or a hindrance? No matter if it’s on or off the road, practice great cyber-hygiene to keep you and your family safe!

Leave a Reply

Your email address will not be published. Required fields are marked *