Connected Vehicles & Cybersecurity
Connecting vehicles to the Internet is no longer a far-fetched, futuristic idea. Connected technology was once seen as an exclusively luxury item, but most mainstream car brands now offer vehicle models with connected technology and other autonomous driving features.
Connected vehicles offer a number of personalized features that once seemed too high-tech to be possible. From Tesla to Toyota, Internet-enabled vehicles have quickly become a popular commodity, particularly amongst Millennial drivers. In fact, experts predict that most, if not all, vehicles will be connected to the Internet by 2035.
How does it work?
Connected cars work by using software to control a range of vehicle functions. TechCrunch found that connected vehicles have up to 125 different electronic control units (ECUs) designed to handle a range of diagnostic, navigation and entertainment systems.
With hundreds of ECUs in a single car, this translates into over 100 million lines of code. These lines of code act as “instructions” for your vehicle to dictate how features like steering, brakes, radio systems, lights and air conditioning units will function.
But for every 1,000 lines of code, experts say at least 10-15 mistakes will be discovered. These mistakes can leave holes in a vehicle’s software (vulnerabilities) that fraudsters can exploit to commit fraud, identity theft and other cybersecurity and identity crimes.
“Soon cars will be able to communicate with each other to avoid collisions. The same will work for vehicle-to-infrastructure technology as cars will be able to communicate with roads and detect hazards such as pedestrians and downed trees.”
Source: CBS News, 2014
What is vehicle hacking?
Research notes that connected vehicles help to reduce fuel emissions, optimize gas mileage and even prevent collisions on the road. However, connected technology also presents an increased risk for vehicle hacking, which could put your identity and overall safety at risk.
Connected vehicles have four main cybersecurity risks for drivers:
- Privacy and security concerns – exposed/stolen data, malware infections, vehicle hacking
- Fraudulent transactions – takeover of service accounts connected to a vehicle
- Vehicle operational interfaces (safety-related) – brake, steering, engine functionality
- Vehicle operational interfaces (not safety-related) – radio, A/C, GPS, etc.
Vehicle hacking can occur through a compromised Wi-Fi or Bluetooth connection, or by connecting affected devices via USB ports. The FBI defines vehicle hacking as the concept in which “someone gains unauthorized access to a vehicle system for the purposes of retrieving driver data or manipulating vehicle functionality.”
Vehicle Hacking Methods & Capabilities
There are many ways to access a vehicle’s connected data. One study found that cyberattacks conducted via Wi-Fi networks can be carried out from up to 100 feet away.
However, attacks that derive from cellular connections (i.e. hacking into a vehicle’s cellular carrier) are not limited by distance. The same study illustrated that attacks via cellular connections could be carried out from anywhere within the carrier’s network.
The study also provided insight into how dangerous vehicle hacking can be. Researchers discovered they could remotely shut down vehicle engines, disable brakes and steering, lock doors and manipulate turn signals, radio and GPS systems.
A Trove of Personal Data
While news reports have discussed vehicle hacking as it relates to physical safety risks (i.e. causing car accidents, losing control of steering and brakes, etc.), security experts have also shown concern over the possibility of data mining through connected cars.
Connected vehicles allow drivers to connect to numerous third-party services – social media networks, cellular carriers, music apps and more. As a result, the vehicle becomes a trove of personal data that fraudsters can capture through targeted cyber attacks.
Improving cybersecurity for connected vehicle drivers
Manufacturers have begun integrating what is known as “over-the-air” (OTA) software updates for connected vehicle drivers. Gartner’s vice president and lead automotive analyst Thilo Koslowski said that 30 percent of connected vehicle models will have OTA updates by 2020.
Instead of bringing your car into a dealership for minor fixes, OTA updates would allow manufacturers to push software updates to you remotely. In short, updating your vehicle would be like updating your smartphone’s or computer’s operating system.
OTA updates could benefit drivers and automakers alike. Software-only recalls affected 3.3 million vehicles in the U.S. last year. Experts say that roughly one-third of defects that lead to recalls could be fixed with OTA updates, potentially saving the industry up to $6 billion a year.
What should I do?
The number of connected vehicles will only continue to grow, which makes education and awareness about this new technology increasingly important.
Use these tips to help keep your connected vehicles secure:
- Stay up-to-date on vehicle recalls. The FBI encourages all drivers to check for their vehicle on this recall database at least twice a year.
- Apply software updates as soon as you are aware of them. However, be cautious of scams that mimic manufacturer software notices to avoid potential phishing sites and malware infections.
- Avoid modifying your car’s software. If you are techy, this may be tempting. But custom changes to a car’s software may create vulnerabilities in your car’s system that hackers can exploit.
- Be wary of connecting third-party services and devices to your Internet-enabled vehicle. Remember that every connection is a data conversation. Make sure your devices are up-to-date to avoid transferring harmful software to your car.
- Contact the manufacturer immediately if you are experiencing issues related to your car’s software, or if you suspect your vehicle has been hacked.