Warning: Connected cars can be hacked and taken over

If you have an older car that you want to get a little "smarter", connected to the network, today there are adapters to buy, so-called "dongles".

When it connects the car, you can, among other things, monitor various measurement data from a drive, or keep track of where the car is.  

When a group of researchers at the Royal Institute of Technology (KTH)'s Department of Network and Systems Engineering tested a Danish dongle, they found that it was possible to hack in and take over the car from the outside.  

- We could make a so-called worm, so that when the car that became infected drove close to another car, we could take over its dongle as well.

We created a so-called bot network with several hijacked cars, says Fredrik Heiding, doctoral student at KTH.  

Risk of traffic chaos

Out in the real traffic, it can mean that malicious people could take over several cars and cause traffic chaos and accidents.

Only they themselves are at wifi distance from the car they want to hijack, which means 10-100 meters.  

This problem is common for connected gadgets in what is usually called the "Internet of Things".

Whether it's cars, refrigerators, vacuum cleaners or doors.  

- We find very, very often vulnerabilities in systems that should not be hackable.

And in this case, we have left our lives in the hands of the system, says Professor Pontus Johnson, IT security expert at KTH.  

The group at KTH reported to the company Autopi in Denmark that it had been possible to hack in and take over the dongle by cracking a password.  

Change default password

Peter Falkegaard Örts, founder and salesman at Autopi, writes to SVT that they had a "fine collaboration with KTH" and that after the KTH report they strengthened the recommendation to customers to change the password that came with the dongle at the time of purchase.

"It is not the intention to continue using the default password sent with the device," the company announces. 

- The accompanying passwords are based on a standard algorithm that we can find and solve.

Most of the time they are automatically generated and if you figure out how it has been done, it is not that difficult.

But if you created the password yourself, no one knows how you thought, says Fredrik Heiding at KTH.