The benefits to consumers are numerous: connectivity offers drivers everything from high definition streaming media, Wi-Fi access, improved entertainment systems, to the ability to remotely control aspects of the vehicle using mobile phone applications, such as the locking/unlocking and ignition mechanisms.
However, as with any other device that connects to the internet, there is a potential risk to automotive security from cyber-criminals. Security breaches can result in leaked personal data, threats to a vehicle’s essential security and safety mechanisms and, in extreme cases, full remote control of the car. And, as the industry moves towards more autonomous vehicles, these risks are only set to increase due to reliance on applications, connectivity and more complex and integrated electronic components.
Failure to address these risks could have a catastrophic effect on consumer confidence, privacy, brand reputation, and most importantly, customer safety.
What are the top 10 security risks for connected cars?
1. Theft of personal data: As the number of sensors in vehicles increase rapidly, there is the potential for hackers to steal personally-identifiable information (PII) from the vehicle’s systems, such as personal trip and location data, entertainment preferences and even financial information.
2. Vehicle theft: As digital keys, wireless key fobs and mobile applications replace traditional physical car keys, car thieves can gain unauthorized entry to the vehicle. This can be done by intercepting communication between a smartphone or wireless key fob and the vehicle, using devices that extend the range of the wireless signal and emulate the wireless key to access a vehicle using the owner’s own wireless key fob, if the owner is still near their vehicle. Managing virtual car keys can be as difficult as managing physical keys, if not carried out correctly. Enrollment of a key, validation of an ‘unlock’ attempt and, most importantly, revocation, must all be handled securely.
3. Connection risks: Cyber criminals can exploit flaws in a vendor’s implementation. Given that security has sometimes been an afterthought for connected cars and their components, this creates an easy target for hackers exploiting vulnerabilities using cellular networks, Wi-Fi, and physical connections. Furthermore, connected vehicles need to be able to trust, and be trusted by, the components and service(s) that they connect to.