Vehicles are increasingly connected, and the attack surface is broadening. Autonomous technology is also in the testing stages. What are the common areas in vehicles through which hackers can gain access?
What are the most common places where hackers can penetrate vehicles?
Below are some attack surfaces.
OBD-II
OBD-II is located under the hood and is a mandatory device in the car. Car hacking through OBD-II requires physical access to the car. Through the OBD-II port, hackers can access the car’s Controller Area Network (CAN). The CAN bus is a self-contained network. In other words, if a user gets command of the OBD-II port or the CAN bus, the user gets full control of the vehicle.
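One defensive check for the point above, that whoever can write to the CAN bus is obeyed: a monitor that flags frames with unknown arbitration IDs or frames arriving faster than their normal period. This is an added example, not part of the original page; the baseline IDs and periods and the candump-format capture are constructed for illustration.

```python
import re

# Constructed baseline: arbitration ID -> expected period in seconds.
# Real values must be recorded from the specific vehicle's normal traffic.
BASELINE = {0x0C9: 0.010, 0x1F1: 0.100}

# Constructed capture in candump log format: (timestamp) interface ID#DATA
SAMPLE_LOG = """\
(100.000) can0 0C9#0000000000000000
(100.000) can0 1F1#10
(100.010) can0 0C9#0000000000000000
(100.012) can0 0C9#FF00000000000000
(100.020) can0 0C9#0000000000000000
(100.025) can0 7DF#02010C0000000000
(100.030) can0 0C9#0000000000000000
(100.100) can0 1F1#10
"""

LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")


def parse(log):
    """Yield (timestamp, arbitration_id, payload) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and len(m.group(3)) % 2 == 0:
            yield float(m.group(1)), int(m.group(2), 16), bytes.fromhex(m.group(3))


def detect(log, baseline=BASELINE, tolerance=0.5):
    """Return (timestamp, can_id, reason) for frames that break the baseline."""
    alerts, last_seen = [], {}
    for ts, can_id, _payload in parse(log):
        if can_id not in baseline:
            # An ID never seen in normal traffic, e.g. a tool on the OBD-II port.
            alerts.append((ts, can_id, "unknown-id"))
            continue
        prev = last_seen.get(can_id)
        if prev is not None and ts - prev < baseline[can_id] * tolerance:
            # A known ID arriving far faster than its period: extra sender.
            alerts.append((ts, can_id, "too-fast"))
        last_seen[can_id] = ts
    return alerts


if __name__ == "__main__":
    for ts, can_id, reason in detect(SAMPLE_LOG):
        print(f"{ts:.3f} id=0x{can_id:03X} {reason}")
```

In the constructed capture, the frame at 100.012 is flagged because it arrives 2 ms after a frame whose normal period is 10 ms, and 0x7DF (the standard OBD-II functional request ID) is flagged because it is absent from the baseline.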
CD, USB & portable devices
Almost all cars are sold with some sort of entertainment system. A driver can connect a device to a vehicle and transmit malicious software. The problem is that entertainment systems are no longer stand-alone systems. They are typically interconnected with the CAN bus, interact with car systems (like hands-free features), or support a path for updating firmware or software. All critical systems can be compromised.
Bluetooth
Bluetooth has become the norm in almost all new car models. In addition, Bluetooth allows synchronisation of a smartphone with a vehicle (address book, pictures and music). Synchronising a device with a car requires selecting the smartphone on the vehicle’s computer and then entering the PIN number on the smartphone. An intruder can access the PIN number via an unpaired device or access the system after a device has been paired (which involves physical access).
Remote keyless entry
Currently, almost all new medium and upper-class vehicles have a Remote Keyless Entry (RKE) system. This system allows drivers to remotely open doors, start the engine, turn on lights, and activate the alarm. When the button is pressed, information is sent from a key fob to the car’s receiver, and then the signal is decoded by a transmitter and passed on to the CAN bus to perform an operation. It is possible to make a vehicle deny access to the car or unlock/start a vehicle without a key fob.
Immobiliser
The immobiliser is a technology which prevents a car from being started with an incorrect key. A reader near the steering column scans a Radio Frequency Identification (RFID) tag, usually embedded in a key, and if the ID is correct, it unlocks the engine system. Technically, intruders can create a denial of service; however, they need to be within a proximity of around 1 cm.
TPMS
The Tyre Pressure Monitoring System (TPMS) is a sensor that monitors tyre pressure. It alerts drivers if tyres are over- or underinflated. These sensors are mandatory for all new cars sold in the US. It is possible to sabotage the TPMS and make the car think that there is a problem with the car’s tyres. Likewise, the indicator may not flash when there are problems with tyre pressure.
DSRC
Dedicated Short-Range Communications (DSRC) is a means of communication between connected cars: each connected car communicates with other connected cars, passing information between on-board units (OBUs). It is the biggest vulnerability of a connected car. One infected connected car has the capacity to pass on malicious content to another vehicle over DSRC, causing a pandemic.
GPS, RDS & TMC
GPS, RDS and TMC are implemented in a car’s media system. The role of these systems is to provide updates on traffic jams, road works and similar information. These systems provide access to the car’s other important electric control units. Intruders can insert incorrect messages to mislead the GPS and other warning services that use RDS or TMC, or both.
Remote Telematics Systems
Remote telematics systems offer features like eCall, anti-theft tracking, diagnostics, crash reporting, or hands-free navigation to driving directions or weather forecasts. Major OEMs provide such services. Remote telematics systems give the widest scope of attack opportunities, as they use a cellular connection and, in newer car models, WiFi hotspots. Even though the telematics module is not connected to the CAN bus, it can transmit data to another location if hacked.