Cyber attacks on connected cars rise by 99%

connected vehiclesCyber attacks on connected cars have increased by 99% in the last year, according to a new study by Uswitch.

The online and telephone comparison and switching service has identified four main ways that vehicles can be compromised, ranging from weaknesses in apps and theft of personal data to keyless car theft and even taking control of a vehicle remotely.

Around 67% of all new cars sold are currently connected in some way, but that is expected to rise to 100% by 2026 meaning vulnerabilities must be minimised.

Jonaton O’Mara, a cybersecurity expert form CompareMyVPN, said: “Even if basic privacy measures were put in place, we feel anonymised data can be easily matched with other elements to break down any attempts to promote user privacy.

“In addition, the car companies themselves can now collect huge swathes of rich personal data — mainly location-based and habitual movements.

“However, this also covers connected device activity such as calls made, messages and phone numbers, which for privacy-concerned individuals is quite alarming.

“What we need is pressure from regulators and the cybersecurity industry to ensure that connected car data is both encrypted end-to-end to reduce any threat from a third party as well as what data is actually stored and kept.”

Connected cars can collect up to 25GB of personal data every hour.

When using a vehicle’s in-built apps it can track things like your location, entertainment preferences and even financial information.

Many people also sync their phone with their car to use apps and entertainment systems, as well as share contacts for hands-free calls via the in-built speakers.

Each of these connections are an increased opportunity for hackers to find a vulnerability and steal data via remote access.

Apps that communicate directly with cars are becoming more popular and this makes them a tempting target for criminals.

If these applications have any vulnerabilities, they can allow for unauthorised access to the owner’s personal data and even features of the car itself.

Nissan had to shut down one of its apps after testing by security researchers revealed a vulnerability that could allow hackers to remotely control the car’s heated seating, fans, air conditioning and heated steering wheel.

Keyless theft or key hacking is another way thieves attack the systems used to control a car. It usually requires the key to be close to the car (such as on a table by the front door) and, often takes place when a car is parked outside the owner’s house while they’re at home.

When the key is near the car, it passively sends out the signal that tells it to unlock. Car thieves have figured out a way to scan for that signal and then hack it, to give them access to the car.

In certain scenarios, hackers are also able to take control of safety-critical aspects of a vehicle’s operation. This means that some vehicles may contain vulnerabilities that allow hackers to access functions like steering control, braking and even turning off the engine.

Cybersecurity researchers Charlie Miller and Chris Valasek proved this could be done when they remotely hacked into a Jeep Cherokee and interfered with its controls while it drove down a busy road from the comfort of a nearby apartment.

They also discovered in subsequent tests that they could accelerate or slam on the brakes. While this specific issue has since been patched by Chrysler, enterprising hackers are finding and exploiting new vulnerabilities in connected cars all the time.

Uswitch has provided a number of tips to prevent cyber attacks:

  • Don’t go overboard with the amount of connections and personal data you trust your car with — sticking to essential functions means you’re less likely to lose anything valuable
  • Use steering or wheel locks, or other physical preventative measures to deter car thieves
  • Keep the software in your car up to date by installing any security patches or new updates as soon as they become available. Think of software updates as staying one step ahead of the hackers
  • Only download official apps from Google and Apple Stores. They are more likely to be trustworthy and will have been vetted to ensure that they meet a certain standard of quality and data protection
  • Be mindful of app permissions. An app asking for access to data that isn’t relevant to its function is a red flag
  • Use a fob blocker, metal-lined wallets and bags that work by restricting your fob’s signal. They are available from £5, but make sure to test it before you rely on it
  • Clear all of your personal data from a vehicle before selling it to avoid handing over personal data to the next owner
  • Check how your phone is running after downloading an app. Malicious apps tend to drain the battery really quickly as they operate unseen in the background. If left unchecked, once connected to your car, this could become a serious issue