UK-based price comparison company, Uswitch, conducted a study that found there were four ways that vehicles can be compromised, ranging from weaknesses in apps and theft of personal data to keyless car theft and even taking control of a vehicle remotely.
It said that about 67 per cent of all new cars sold are currently connected in some way, but that is expected to rise to 100 per cent by 2026.
Concern was raised when UK industry journal AM Online published an article warning that privacy could be breached easily but not only by thieves.
“Car companies themselves can now collect huge swathes of rich personal data, mainly location-based and habitual movements,” AM Online reported.
“However, this also covers connected device activity such as calls made, messages and phone numbers, which for privacy-concerned individuals is quite alarming.”
It said government regulators and the cybersecurity industry needed to ensure that connected car data is both encrypted end-to-end to reduce any threat from a third party. This includes data that is stored.
Connected cars can collect up to 25GB of personal data every hour. Using a vehicle’s in-built apps can allow for data such as your location, entertainment preferences and even financial information.
Many people also sync their phone with their car to use apps and entertainment systems as well as share contacts for hands-free calls via the in-built speakers.
Each of these connections increased the opportunity for hackers to find a vulnerability and steal data via remote access, said the article.
“Apps that communicate directly with cars are becoming more popular and this makes them a tempting target for criminals,” it said.
“If these applications have any vulnerabilities, they can allow for unauthorised access to the owner’s personal data and even features of the car itself.”
AM Online said that Nissan had to shut down one of its apps in the UK after testing by security researchers revealed a vulnerability that could allow hackers to remotely control the car’s heated seating, fans, air conditioning and heated steering wheel.
“Keyless theft or key hacking is another way thieves attack the systems used to control a car,” the article said.
“It usually requires the key to be close to the car (such as on a table by the front door) and often takes place when a car is parked outside the owner’s house while they’re at home.
“When the key is near the car, it passively sends out the signal that tells it to unlock. Car thieves have figured out a way to scan for that signal and then hack it, to give them access to the car.”
It goes further. Hackers are also able to take control of safety-critical aspects of a vehicle’s operation such as steering control, braking and even turning off the engine.
UK cybersecurity researchers Charlie Miller and Chris Valasek proved this could be done from the comfort of a nearby apartment when they remotely hacked into a Jeep Cherokee and interfered with its controls while it drove down a busy road.
“They also discovered in subsequent tests that they could accelerate or slam on the brakes,” the article said.
“While this specific issue has since been patched by Fiat Chrysler, enterprising hackers are finding and exploiting new vulnerabilities in connected cars all the time.”
The AM Online article quoted Uswitch’s tips to prevent cyber attacks:
- Don’t go overboard with the amount of connections and personal data you trust your car with — sticking to essential functions means you’re less likely to lose anything valuable
- Use steering or wheel locks, or other physical preventative measures to deter car thieves
- Keep the software in your car up to date by installing any security patches or new updates as soon as they become available. Think of software updates as staying one step ahead of the hackers
- Only download official apps from Google and Apple Stores. They are more likely to be trustworthy and will have been vetted to ensure that they meet a certain standard of quality and data protection
- Be mindful of app permissions. An app asking for access to data that isn’t relevant to its function is a red flag
- Use a fob blocker, metal-lined wallets and bags that work by restricting your fob’s signal.
- Clear all of your personal data from a vehicle before selling it to avoid handing over personal data to the next owner
- Check how your phone is running after downloading an app. Malicious apps tend to drain the battery really quickly as they operate unseen in the background. If left unchecked, once connected to your car, this could become a serious issue
By Neil Dowling