Argus Cyber Security, the Israeli cybersecurity company, said late last week that it was able to hack into a vehicle’s internal communication system using a device installed in cars by insurance companies to track driving patterns, or for car owners who want in-vehicle Wi-Fi.
According to a report in The Wall Street Journal, Argus Cyber Security is well known in the automotive industry, and last week it prompted a signal to disable the fuel pump, something the paper said typically would only happen after a car crashes. Argus didn’t reveal what car it was able to hack, saying most cars have the diagnostic port designed for the device known as the dongle.
The WSJ noted that two years ago two security researchers were able to control a Jeep Cherokee via a Wi-Fi connection. In recent years, cars have been connected more to external communication, resulting in computer experts finding security holes in firewalls installed by the car makers.
“These firewalls are really new and immature in their security measures,” Ami Shalev, Argus research team leader, said in an interview with the WSJ.
In response to all the hacks of computers, Tesla and other car makers have been bolstering their security, and car companies are launching programs to get hackers to pinpoint security vulnerabilities. Argus used a device from German auto supplier Robert Bosch GmbH called Drivelog Connect for the hacking. It sells in Europe for about $75, reported the WSJ, noting the device collects vehicle data and sends it to a smartphone via a Bluetooth connection, alerting owners to maintenance issues and engine performance.
Bluetooth-enabled dongles that provide car owners with in-car Wi-Fi connections can also be used to hack any car built since 1996, noted the report. Argus told the WSJ the hack happened in February in Tel Aviv in a controlled environment and that it could be copied in other cars using the Bosch device.
“We estimate we can do that on any car,” said Yaron Galula, Argus’s chief technology officer and co-founder.