Risk Insights
October 17, 2019

Are You Prepared for a Vehicle-Borne Cyberattack?

U.S. security agents stand guard at the limo of US Secretary of State
J. SCOTT APPLEWHITE/AFP/Getty Images

In this blog post, Dale Wooden discusses how modern vehicles are vulnerable to cyberattacks and why it's important to train teams to recognize and mitigate those threats. Dale Wooden is the Founder and CEO of Weathered Security. He understood the challenges faced not only by Special Operations personnel, but also that of the intelligence community and private sector relating to digital/electronic security. To meet these challenges and ensure clients are best protected against these threats, Weathered Security has developed courses of instruction that educate and enable clients to effectively detect and counter digital/electronic threats.

The Principal's event has just concluded. After a disruptive ending to the event, the principal begins returning to the vehicles waiting to take him away. Your protective detail's senses are heightened — on alert for a possible embarrassing or harmful act. Over the radio, the waiting drivers hear that the Principal is 30 seconds from the departure area. What happens next, no one is ready for. The drivers radio the security detail, "All the cars are locked." The limo driver says, "The remotes aren't working. Every time we unlock the car, it locks again." Access to the lead and follow vehicles is also denied. Then the tailgates start to open independently.

As the Principal and security detail arrive to the vehicles, an egg hits the limo and spatters all over the Principal. The protective detail covers the Principal as three more egg volleys land. But they can't leave the scene, because their key fobs aren't opening the cars. Without notice, all of the vehicles start independently. But the doors remain locked. The principal is quickly whisked from the scene back to the protection of the event’s holding room. Shortly afterwards, the Principal fires the entire team. Then he turned to his executive assistant. "I thought you told me those guys were professionals."

It could happen. Here's how to prevent it.

Exploitation of Standard Operating Procedures

Protection team members have intimate knowledge of how their vehicles work: top speed, turn radius, and how it performs in all conditions. What they may not be as familiar with is the vehicle's cyber vulnerabilities or how to develop solutions to sustain safe operational control. The possibility of a hostile taking control of a car through cyber holes is a genuine and evolving threat. The technology to do that costs about $100 and is available on Amazon. It does not even require jammers or any illegal tools. I myself have carried this kind of equipment through TSA every time I fly and it has not yet attracted scrutiny.

The technology to take control of a car through cyber holes costs about $100 and is available on Amazon (Dale Wooden)

In this case, the car was a Ford. But it can happen to any vehicle. At this year's Defcon, an example of this kind of denial of service attack was shared as a Wireless Village talk.

All modern vehicles are vulnerable to cyberattacks and it's important to recognize and train teams to recognize and to mitigate those threats. New techniques have to be incorporated into your protective security training. Most importantly, training staff how to implement counter-measures against these dynamic threats can make or break a security detail.

Post-Exploit Solution

Vehicles vulnerable to the attack detailed above often have a physical key built into the key fob.

Vehicles vulnerable to the attack detailed above often have a physical key built into the key fob. (Dale Wooden)

Security teams need to know how to use that "old school" metal key. I know this sounds ridiculous, but not everyone knows how to remove the physical key from the fob. Different fobs are easier than others. Get to know yours, and practice.

Finding the keyhole can be difficult. Some are hidden and require a five-step process to insert and remove the key. If you are not prepared, and well-practiced, you cannot successfully use this tool during a crisis without diverting your attention from the mission.

Individuals responsible for leading or providing protective security need to reassess the types of vehicles in their fleet and ensure that adequate training focuses on ever-evolving vulnerabilities. If you experienced a scenario like this one before reading this article, don't criticize. It could have happened to you. However, now you possess awareness. It's up to you to stay alert, analyze and evaluate risk and implement immediate action drills to defeat these vehicle cyberattacks

Remember, false security is worse than no security.