The European Union Agency for Cybersecurity (ENISA) released a smart car safety report detailing how connected cars expand the potential of cyberattacks. Several years ago, IOActive researchers (among others) proved that it’s possible to compromise autonomous vehicle systems, which led to millions of recalls.
The more developers add connectivity and IoT integration to smart cars, the more vulnerable smart cars become to hackers. For instance, most modern cars contain around 50 IoT devices, each one increasing the risk. If a hacker breaches someone’s smart car, they can gain access to the person’s entire smart home system, too (which includes their phone).
Voice command technology also increases vulnerability—leaving voice command-enabled smart home and smart car systems at even greater risk.
How Hackers Infiltrate Smart Cars
Smart cars rely heavily on computer systems, so hacking into an unsecured smart vehicle system is akin to hacking into a standard IoT device. Hackers use the smart car’s infotainment system via diagnostic services to take control of the car’s functions or gain insight into passwords, voice controls and more.
Through this method, hackers can do a lot of damage:
- Cut the engine.
- Enable or disable the immobilizer.
- Initiate or disable brakes.
- Change passwords.
- Disable airbags.
Smart speaker software such as the Amazon Alexa also gives hackers access to the car’s control center through the smart speaker’s diagnostic capabilities. Amazon’s Alexa automatically stores audio files so it can continually improve its reaction time and accuracy. Hackers take advantage by commanding Alexa to share or provide sensitive information.
Smart cars’ Uconnect infotainment systems, which allow drivers to connect their car to their phones, provide a loophole for hackers as well. Hackers gain initial access to the vehicle’s system through the smart car app each smart car owner downloads on their phone. Hackers figured out that each app shared the same default password, so by testing millions of usernames, hackers were able to gain access.
No smart car is off-limits either. Tesla, for example, stores and saves GPS and other personal data between owners. Even when a Tesla is taken in for a repair or is auctioned off to a new owner, the previous owner’s data still lives in the vehicle’s system.
Why You Should Be Worried
According to the ENISA, this will mean the possibility of vehicle immobilization and more car accidents. If people are in their car while it’s hacked, they could become stranded and locked inside.
Beyond physical safety, people are also at risk of having their personal and financial information stolen. Just as a hacker can learn passwords, Social Security numbers and other sensitive information from hacking a smart speaker, hackers can do the same by hacking a connected car.
Automakers and connected vehicle service vendors are doing more to beef up the cybersecurity of connected cars, which primarily involves new security measures at the beginning of the manufacturing process. Toyota even released a testing platform so its customers can test how vulnerable a smart car is to hacking themselves.
Despite these updates, it’s expected that these vulnerabilities in the back end of vehicle systems will still exist—at least for the near future.
The Risk Between Smart Cars and Smart Homes
In the end, the more advanced machine learning and artificial intelligence we integrate into our lives, the greater the risk of cyberthreats.
You can’t be sure your smart car is safe unless you know your entire smart home hub is secure—and vice versa. If a hacker can hack into your smart car, they’ll likely be able to gain access to your smart garage controls and your home’s smart locks.
Smart tech that’s helpful to homeowners is helpful to hackers as well. Smart garages, for instance, signals owners via a mobile app when their garage is closed or open, so they know who’s going in and out throughout the day. If hackers gain access to the connected app, they can use the info to learn peoples’ schedules and gain access to the home.
It’s up to automakers to get ahead of hackers and make the entire ecosystem of smart cars and smart homes more secure. Only then should consumers feel confident about the protection of their personal data and safety.