Cars Are Just Like Phones: They Have Security Flaws, Too

Our lives become more digitally connected every day. And so do our cars.

 

From smart traction control, remote engine start, and door unlocking to intelligent air conditioning and infotainment modules, connected vehicles provide an ever-increasing number of useful digital features.

 

Unfortunately, this also means a spiralling number of automotive cybersecurity threats.

 

Let’s take a look at the main connected car threats, vulnerabilities and their impact as well as some top tips on how to stay safe.

Are connected vehicles really unsafe?

In 2019, a research group called Which? worked with cybersecurity experts to test two of the most popular connected cars in Europe: the Ford Focus and Volkswagen Polo. Both vehicles turned out to be insecure with hackers easily able to penetrate the car systems.  

 

For further research, they bought a used VW Polo infotainment unit from eBay and were able to get a goldmine of Personally-Identifying Information (PII) on the previous owners. This included their location and logistics data, financial details and even their home Wi-Fi login and password. This isn’t surprising, as the lack of strict industry legislation and security standards has allowed car manufacturers to avoid investing in the necessary cybersecurity to effectively stop hackers.

 

This experiment left people wondering if connected cars are truly secure? Well, the answer is yes and no. Let’s get to the bottom of this question and look at some connected car security issues.

5 security issues facing connected cars

Just like any computer, a connected car (which has several computers under the hood, BTW) has plenty of security loopholes hackers can take advantage of, especially when it’s the kind of car you operate using a special smartphone app.

 

Infotainment systems

To begin with, we have infotainment systems. Yes, these systems often attract the eyes of anyone who sees the interior of a connected car. 

 

They allow you to easily call or play music from a connected smartphone but also give hackers the opportunity to exploit the protocols infotainment systems use to connect to your phone. Once they have hacked their way in, cybercriminals are able to change settings, override car safety features, or spy on the people in the car.

 

Mobile apps

Managing basic car functions from a smartphone is a dream come true. A dream for criminals, that is. For professional hackers, it’s not too hard to attack a mobile app. When they’re in, they can unlock the car, infect the infotainment system, and steal the personal credentials of the car’s owners.

 

Wireless media

Another one of the connected car challenges is the wireless media. Dutch researchers (and white-hat hackers) were able to hijack Volkswagen and Audi infotainment systems just by using the cars’ Wi-Fi. But they didn’t just mess up the driver’s radio settings - accessing the infotainment system’s root account allowed them to control the microphone, listen to calls made by the driver, and access the address book.

 

Keyless entry

A key fob is the modern alternative to the old-fashioned way we used to unlock and start a car - you know, with a key. But even though you can’t start a keyless entry car without a key fob, criminals have learned how to do it. All they need is a cheap hacking device

 

One person stands beside the car, and another near the house where the original key fob supposedly lies. The device picks up the signal from the fob and relays it to the car. All criminals need to do then is get in and drive away (and not let the car’s engine stop).

 

Manufacturers’ servers

Cyberattacks on the car manufacturer’s servers are last but not least in our list of automotive security challenges. It’s not particularly connected to your car, but if hackers break into the car provider’s system, they can target many vehicles at once. Of course, they won’t be able to hijack your car but they will steal your data.

What you can do to keep your connected car safe

It might seem like the security of your smart car is the responsibility of the manufacturer. But as with any other piece of hardware connected to the internet, the biggest loophole is the user. So you need to step up and make sure you’re doing everything you can to protect your car and your data.

 

Patch and Update

Never skip a firmware or software update. If you know a new, patched-up version of your car’s firmware is out, don’t postpone installing it. The same goes for any updates of the mobile app you use to manage your car.

 

Secure your Wi-Fi

Remember when we talked about securing your home Wi-Fi network? Well, you should do this with your car’s W-Fi too. The least you can do is change any default passwords and use a nice, strong one instead. And maybe avoid disclosing it to anyone you don’t trust. Just in case.

 

Work with trusted mechanics and services

We tend to trust official services - and we should. If you want to update your car’s firmware, an official service is the best place to go. But what do you do if you’ve purchased a used car or don’t have the money for the official service?

 

Instead, take your time to find a trusted mechanic. Ask around, look for their contacts in special forums or closed groups. You wouldn’t trust your finances with any accountant, would you? So be just as picky about your mechanic.

 

Research before you buy

There’s something you can do even before you purchase a smart vehicle, and this is to be as meticulous as possible about choosing the vendor. Ask questions like:

  • What is their track record of cyberattacks?
  • Do they use strong encryption?
  • Do they maintain a vulnerability disclosure policy?
  • Do they offer firmware support or service?
  • Does the car integrate with my other smart devices?

Don’t worry...

Despite all the security loopholes we’ve mentioned, a connected car isn’t the password-less computer on wheels we’re led to believe. Remember, no car manufacturer wants to be blamed for any major personal data breaches of its customers.

 

Patching up a reputation is harder than patching up software. So, of course, they pay attention to the security of the software they upload into their cars. On top of this, every uncovered security loophole is quickly covered up and monitored carefully. The more vulnerabilities hackers discover, the safer the system becomes.

 

As far as physical car theft is concerned, stealing a regular car is much easier than stealing a smart one. They don’t stuff the car with sensors and cameras for nothing.

 

But stealing a phone used to open your car doors is even easier, so always keep it close. One man, for instance, managed to lock a thief inside his Tesla Model 3 using a mobile app. Talk about having your phone at hand.

 

* * *

 

Owning a smart car makes you feel like the future has arrived, but it can also make you feel unprotected. Luckily, if you stick to the tips we’ve provided, your car and your personal data will be fine.

 

Read more:

Newsroom

We’d like to stay in touch.

We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. ReCaptcha verification failed

More Related Articles

arrow

Run Application

Double-Click on MacKeeper.pkg

Click Continue