The growing threat of car cybercrime
Your car could very easily become the target of hackers and scammers, according to research carried out by online comparison firm Uswitch. But there are steps you can take to protect your pride and joy.
MOTORISTS are being warned of a huge rise in the number of cyberattacks as vehicles become increasingly technologically advanced.
Modern “connected cars” use systems that collect masses of personal data that scammers are actively targeting to commit fraud. Hackers are also able to steal motors with keyless entry systems or else take control of some of the vehicles functions.
Online comparison firm Uswitch is now offering advice on how drivers can protect themselves after the number of reported connected car cyberattacks multiplied six times in four years.
Connected cars send data about the driver and vehicle systems back to the manufacturer over the internet. They also allow owners to carry out actions such as remote locking, smartphone linking to play music or using an app to pay at a toll booth.
While all these actions happen at the click of a button or touch of a screen, there’s a lot of complex programming required to make it seem so simple. A modern car uses about 150million lines of computer code, while a Boeing 787 jet uses just 6.5million. All this coding makes cars potentially very vulnerable.
Cybercriminals were able to steal 380,000 people’s personal data from British Airways by changing just 22 lines of code out of hundreds of thousands.
Some 67 per cent of the new cars registered in the UK are connected, with projections showing this will rise to 100 per cent by 2026. These cars produce up to 25GB of personal data every hour – including information about passengers, as well as the driver and vehicle.
The Government has introduced new cybersecurity standards for connected vehicles but there are still points of weakness. Aside from smartphones in cars, areas most at risk of being breached include control units for the powertrain, lighting, steering and braking, driver assistance systems and airbags.
On-board diagnostics, USB, Bluetooth, remote link apps, tyre pressure monitoring systems and remote key or passive keyless entry set-ups can also be attacked.
Keyless vehicle theft is increasingly common and most often takes place when the car is parked outside the owner’s house while they are at home. Car thieves have figured out a way to scan for the passive signal sent out by the key when it is near to the car and then hack it to give them access.
Vehicle recovery firm Tracker claims that 92 per cent of the cars it recovered in 2019 were taken without keys, up from 88 per cent in 2018, which itself was a huge jump from 66 per cent in 2016.
More mobile apps that communicate directly with cars are being released all the time and this makes them a tempting target for criminals. Researchers found they were able to drain an electric vehicle’s battery by hacking in to remotely control the car’s air con and heated seats and steering wheel.
Another team were able to interfere with the controls of an SUV while it was being driven – including the acceleration and braking functions. Using your vehicle’s in-built apps means that it can track things like your location, entertainment preferences and even financial information.
Many people also sync their phone with their car to use apps and entertainment systems, as well as share contacts for hands-free calls via the in-built speakers.
With each of these connections, there is an increased opportunity for hackers to find a vulnerability and steal your data via remote access without you even knowing. On a more low-tech level, it’s important to delete all of your personal data from the vehicle’s systems before selling the car.
The good news is that the British Standards Institute is working with car industry experts from big brands such as Jaguar Land Rover, Ford and Bentley, as well as with the National Cybersecurity Centre.
Together, they are developing guidance for those making connected and automated car technology. Uswitch says there are a number of things you can do to keep yourself and your car protected, such as using steering or wheel locks to deter car thieves.
Limit the amount of connections and personal data you trust your car with — sticking to essential functions means you’re less likely to lose anything valuable. Keep the software in your car up to date by installing any security patches or new updates as soon as they become available.
Only download official apps from Google and Apple Stores (they are more likely to be trustworthy and will have been vetted) and watch out for apps asking to access data that isn’t relevant. Finally, use a fob blocker – metal-lined wallets and bags that work by restricting your fob’s signal.