While the idea of "connected" cars seems like a logical and convenient path for the automotive industry to appease customers, it brings with it one major achilles' heel: these vehicles are far more susceptible to cyberattacks than traditional cars.
The personal data fraud that comes with connected cars has skyrocketed, with USwitch estimating that connected car cyberattacks have risen by 99% over the last year alone.
The study noted that a Boeing 787 jet has about 6.5 million lines of code, while a standard connected car has about 100 million. Hackers need to only chance one small portion of this code to have access to your data, it says. As an example, cybercriminals stole the personal data of 380,000 people from British Airways by changing only 22 lines of code, out of thousands, the report notes.
The report also estimates that by the year 2026, 100% of cars sold in the UK are expected to be connected vehicles. This obviously increases the number of ways in which your info is at risk. We have also written in the past about the appeal of car companies collecting and selling the data that their vehicles are able to collect on their drivers.
There is also an obvious attack point at any car's app software, as well. If these apps can be modified, so too can be the instructions they send to your vehicle. The study notes: "A high-profile example of this came when Nissan had to shut down an on-board app after testing by security researchers revealed a serious vulnerability."
The consequences were serious: "They were able to connect to the car via the internet and remotely control the car’s heated seating, fans, air conditioning and heated steering wheel. In an electric car, this can mean that the battery is drained without the owner realising."
Finally, the main method for theft already being used is when thieves attack the systems used by the keyfob. Most thefts in these cases take place while cars are still parked at the owner's house. Thieves can amplify or duplicate the signal used to gain access to these vehicles without the fob.
Recall, last August, we highlighted how a Tesla could be hacked and stole in under 30 seconds.
In a test performed by "What Car?" magazine, seven car models with keyless entry and start systems were tested to see how quickly they could be stolen. The results? An Audi TT RS was stolen in 10 seconds and a Land Rover Discovery Sport was stolen in 30.
Security experts performed the tests using the same type of technology that's commonly used by thieves. They measured the amount of time it took to get into the vehicle and drive it away. The BBC notes that car theft rates in places like England and Wales have reached eight year highs and that more than 106,000 vehicles were stolen in 2018 alone.
The USwitch study also found:
- Connected cars produce up to 25GB of personal data every hour, including data about the driver, the vehicle and passengers.
- In 2019, the number of reported cyberattacks on connected vehicles was seven times higher than the same figure from 2016 with a 99% increase in incidents from 2018 alone.
- The UK market for connected and automated vehicles is forecast to be worth up to £52 billion by 2035.
- A 2019 cybersecurity industry survey found 62% of respondents think it’s likely that malicious attacks on their software or components will occur in the next 12 months.
If you own a connected car, the study recommends:
Don’t go overboard with the amount of connections and personal data you trust your car with — sticking to essential functions means you’re less likely to lose anything valuable.
Use steering or wheel locks, or other physical preventative measures to deter car thieves.
Keep the software in your car up to date by installing any security patches or new updates as soon as they become available. Think of software updates as staying one step ahead of the hackers.
Only download official apps from Google and Apple Stores. They are more likely to be trustworthy and will have been vetted to ensure that they meet a certain standard of quality and data protection.
Be mindful of app permissions. An app asking for access to data that isn’t relevant to its function is a red flag.
Use a fob blocker, metal-lined wallets and bags that work by restricting your fob’s signal. They are available from £5, but make sure to test it before you rely on it.
Clear all of your personal data from a vehicle before selling it to avoid handing over personal data to the next owner.
Check how your phone is running after downloading an app. Malicious apps tend to drain the battery really quickly as they operate unseen in the background. If left unchecked, once connected to your car, this could become a serious issue.
The full study can be read here.