Connected cars – Convenience vs. security

Imagine you are in a car accident. If you have OnStar, the system will immediately respond, contact emergency services, and let them know your location. But let’s take things a step further and imagine as the ambulance is on the way, the emergency responders will receive your medical history, be able to monitor your vitals, and be fully informed of your condition before arriving at the scene.

As the Internet of Things (IoT) continues to grow, cars, appliances, watches, and phones will more frequently communicate directly with each other without a person initiating the message. Your phone will tell your car you have an appointment and automatically load the directions to your meeting in the GPS. When you pull in the driveway, your furnace will warm your home, the lights will turn on, and the garage door will open. When it comes to the IoT, we are only limited by our imagination.

Tesla has become a leader in the connected car industry. Not only does the company connect the car to the driver, it connects the car to the world around it. Radar allows the car to know what is in front of it and adjusts the car’s speed accordingly. Ultrasonic sensors around the car communicate what is beside or behind it, while a GPS system keeps track of the car’s precise location. When automatic steering is activated, the car will “see” the lane markers painted on either side of the road on and stay between them. If you want to change lanes, the car will do that for you as well, checking to make sure your blind spots are free of other cars.

Cybersecurity risks in connected cars

Even with all of these advances, security continues to be a challenge. The more connected you are, the more opportunities hackers have to access the system. 

While no outside hacks on connected cars have been documented yet, researchers have hacked into connected cars and shed light on their vulnerabilities. In a Wired magazine experiment, researchers hacked into a 2014 Jeep Cherokee and gained wireless control of the vehicle through the internet. As the reporter was driving down the interstate, the researchers took control of the vehicle from the comfort of their home. They began by turning on the air conditioner fans and blasted the radio, neither of which could then be turned down or off by the driver. The windshield wipers began to clean away washer fluid before the researchers ultimately disabled the transmission, effectively stopping the engine. Later in a parking lot, the researchers were able to unlock the doors, control the steering wheel, and disable the breaks.

The researchers did contact the manufacturer, which then issued a security patch to update the systems in similar vehicles. This type of research is necessary to expose weaknesses in connected cars that could potentially harm passengers if a malicious hacker gained access.

In 2016, the Federal Bureau of Investigation (FBI) issued a public service announcement about the increasing vulnerabilities to connected cars. The FBI recommends taking these steps to minimize cybersecurity risks in your connected car:

• Make sure your vehicle software is up-to-date. If you are uncomfortable downloading software, call your dealer and make an appointment to have it installed.

• Be cautious when making modifications to vehicle software. Unauthorized modifications may not only impact the normal operation of your vehicle, but may introduce new vulnerabilities that could be exploited by hackers.

• Verify the security service for any third party devices connected to your vehicle. If a hacker can access the device, they will then likely have access to your vehicle.

• Be aware of who has physical access to your vehicle. If you wouldn’t leave your personal computer unlocked in an unprotected place or with someone you don’t trust, you shouldn’t leave your vehicle unsecured either.

If you suspect your car has been hacked, the FBI advises to:

• Check for outstanding vehicle recalls or vehicle software updates. Contact your local dealer or check the manufacturer’s website.

• Contact the vehicle manufacturer or authorized dealer. They will be able to diagnose if any odd vehicle behavior is caused by a hacking attempt.

• Contact the National Highway Traffic Safety Administration. Any safety concerns should be reported by filing a Vehicle Safety Complaint.

• Contact the FBI. You should file a complaint with your local FBI office and the Internet Crime Complaint Center.

It’s important to keep in mind that all auto insurance is not the same. Specialty vehicles may require auto insurance that is designed to provide a higher level of protection. With the proper coverage in place, you can enjoy peace of mind while exploring the open road in your connected car.

Resources
tesla.com
wired.com
ic3.gov