It’s now been shown you can hack into a radio with a laptop, an OBD2 device with a text message, and a keyless entry system with a $32 device, so where does that leave aftermarket products?
In the latest hacking revelation researchers showed they can wirelessly hack into thousands of cars through an OBD2 insurance tracker made by Mobile Devices, said Wired. By sending a specific text to one of the OBD2 dongles in a Corvette, they could activate the car’s windshield wipers and tamper with the brakes.
VOXX, which sells an aftermarket OBD2 insurance/GPS tracker, said its device relies on a double encryption system, and it’s pleased with it’s level of security. The company’s Dan Murphy said, the Car Connection and CarLink (remote start from a phone) uses “a patented encryption program with two US patents also used by Homeland Security in a different application. So we feel very good about the encryption technology we’ve incorporated.”
Late last month, researchers also hacked into Uconnect radios as told by Wired, which led to a recall of 1.4 million Fiat Chrysler vehicles. The entry point for hackers was a Harman-supplied radio with an Internet connection. Harman has since said the problem was limited specifically to the Uconnect radios and that its radios in other cars would not have the same problem.
Kenwood said it doesn’t see this as a major problem for aftermarket products.
“It’s just not really relative to what we’re doing. I suppose anything can be hacked if someone puts enough effort into it. In the case of OEM hacking, there’s a direct connection to the vehicle bus. But I just don’t see it as a huge concern for the aftermarket where an aftermarket product is connected to another device. We’re not the ones making the vehicle bus adapters and we’re not tapping into the OBD2 port,” said Kenwood’s Rick Noetzli.
Fortin, which makes aftermarket data modules for remote starters (so a remote starter will work with a specific car), said you need a factory key to program a module or to reprogram it once it’s erased.
A manager at one of the leading data module companies said he had worked at more than one data module company. “Everyone in the industry that I’ve worked for, has taken encryption into consideration. We never wanted to be blamed for people stealing our vehicles.”
About that $32 device, it was developed by noted hacker/security researcher Samy Kamkar and it can defeat the rolling codes used in keyless entry systems. We did not ask other aftermarket companies about this device specifically, but Directed volunteered, “We are currently reaching out to Mr. Kamkar to review his research findings.”