Cars Are Just Like Phones: They Have Security Flaws, Too
Our lives become more digitally connected every day. And so do our cars.
From smart traction control, remote engine start, and door unlocking to intelligent air conditioning and infotainment modules, connected vehicles provide an ever-increasing number of useful digital features.
Unfortunately, this also means a spiralling number of automotive cybersecurity threats.
Let’s take a look at the main connected car threats, vulnerabilities and their impact as well as some top tips on how to stay safe.
Are connected vehicles really unsafe?
In 2019, a research group called Which? worked with cybersecurity experts to test two of the most popular connected cars in Europe: the Ford Focus and Volkswagen Polo. Both vehicles turned out to be insecure with hackers easily able to penetrate the car systems.
For further research, they bought a used VW Polo infotainment unit from eBay and were able to get a goldmine of Personally-Identifying Information (PII) on the previous owners. This included their location and logistics data, financial details and even their home Wi-Fi login and password. This isn’t surprising, as the lack of strict industry legislation and security standards has allowed car manufacturers to avoid investing in the necessary cybersecurity to effectively stop hackers.
This experiment left people wondering if connected cars are truly secure? Well, the answer is yes and no. Let’s get to the bottom of this question and look at some connected car security issues.
5 security issues facing connected cars
Just like any computer, a connected car (which has several computers under the hood, BTW) has plenty of security loopholes hackers can take advantage of, especially when it’s the kind of car you operate using a special smartphone app.
To begin with, we have infotainment systems. Yes, these systems often attract the eyes of anyone who sees the interior of a connected car.
They allow you to easily call or play music from a connected smartphone but also give hackers the opportunity to exploit the protocols infotainment systems use to connect to your phone. Once they have hacked their way in, cybercriminals are able to change settings, override car safety features, or spy on the people in the car.
Managing basic car functions from a smartphone is a dream come true. A dream for criminals, that is. For professional hackers, it’s not too hard to attack a mobile app. When they’re in, they can unlock the car, infect the infotainment system, and steal the personal credentials of the car’s owners.
Another one of the connected car challenges is the wireless media. Dutch researchers (and white-hat hackers) were able to hijack Volkswagen and Audi infotainment systems just by using the cars’ Wi-Fi. But they didn’t just mess up the driver’s radio settings - accessing the infotainment system’s root account allowed them to control the microphone, listen to calls made by the driver, and access the address book.
A key fob is the modern alternative to the old-fashioned way we used to unlock and start a car - you know, with a key. But even though you can’t start a keyless entry car without a key fob, criminals have learned how to do it. All they need is a cheap hacking device.
One person stands beside the car, and another near the house where the original key fob supposedly lies. The device picks up the signal from the fob and relays it to the car. All criminals need to do then is get in and drive away (and not let the car’s engine stop).
Cyberattacks on the car manufacturer’s servers are last but not least in our list of automotive security challenges. It’s not particularly connected to your car, but if hackers break into the car provider’s system, they can target many vehicles at once. Of course, they won’t be able to hijack your car but they will steal your data.
What you can do to keep your connected car safe
It might seem like the security of your smart car is the responsibility of the manufacturer. But as with any other piece of hardware connected to the internet, the biggest loophole is the user. So you need to step up and make sure you’re doing everything you can to protect your car and your data.
Patch and Update
Never skip a firmware or software update. If you know a new, patched-up version of your car’s firmware is out, don’t postpone installing it. The same goes for any updates of the mobile app you use to manage your car.
Secure your Wi-Fi
Remember when we talked about securing your home Wi-Fi network? Well, you should do this with your car’s W-Fi too. The least you can do is change any default passwords and use a nice, strong one instead. And maybe avoid disclosing it to anyone you don’t trust. Just in case.
Work with trusted mechanics and services
We tend to trust official services - and we should. If you want to update your car’s firmware, an official service is the best place to go. But what do you do if you’ve purchased a used car or don’t have the money for the official service?
Instead, take your time to find a trusted mechanic. Ask around, look for their contacts in special forums or closed groups. You wouldn’t trust your finances with any accountant, would you? So be just as picky about your mechanic.
Research before you buy
There’s something you can do even before you purchase a smart vehicle, and this is to be as meticulous as possible about choosing the vendor. Ask questions like:
- What is their track record of cyberattacks?
- Do they use strong encryption?
- Do they maintain a vulnerability disclosure policy?
- Do they offer firmware support or service?
- Does the car integrate with my other smart devices?
Despite all the security loopholes we’ve mentioned, a connected car isn’t the password-less computer on wheels we’re led to believe. Remember, no car manufacturer wants to be blamed for any major personal data breaches of its customers.
Patching up a reputation is harder than patching up software. So, of course, they pay attention to the security of the software they upload into their cars. On top of this, every uncovered security loophole is quickly covered up and monitored carefully. The more vulnerabilities hackers discover, the safer the system becomes.
As far as physical car theft is concerned, stealing a regular car is much easier than stealing a smart one. They don’t stuff the car with sensors and cameras for nothing.
But stealing a phone used to open your car doors is even easier, so always keep it close. One man, for instance, managed to lock a thief inside his Tesla Model 3 using a mobile app. Talk about having your phone at hand.
* * *
Owning a smart car makes you feel like the future has arrived, but it can also make you feel unprotected. Luckily, if you stick to the tips we’ve provided, your car and your personal data will be fine.
We’d like to stay in touch.
We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.
Thanks for your subscription!
You’ll be the first to know about our updates. Please keep an eye on your mailbox.