The Security Risks of Connected Vehicles

It resembles a scenario from a Fast & Furious movie: hundreds of connected vehicles controlled by a malicious actor without the owner’s knowledge or consent… a bit farfetched? Or is it? Recently, the US Department of Commerce issued a notice of proposed rulemaking that will launch an investigation into the National Security risks posed by connected vehicles.

“Smart cars” gather every manner of sensitive information with the intent of making the user experience more customized to the individual driver. Drivers and passengers can link smartphones to vehicle infotainment systems, expanding access to personal and sensitive data. Modern vehicle infotainment systems use Wi-Fi, Bluetooth, USB and cellular to connect drivers to their vehicles technologic environments. These interfaces represent access points to hackers. Vehicle manufacturers lag in integrating robust cybersecurity measures into vehicle data systems. This facilitates easier access for hackers to personal information compared to traditional avenues like desktops and laptops.

Consumers expect seamless, timely over-the-air updates and bug fixes for vehicle systems with minimal user input. Modern vehicles essentially consolidate systems often manufactured by numerous companies. There are a few agreed-upon standards regarding cybersecurity for the numerous systems incorporated into today’s vehicles. Even though many manufacturers follow ISO (International Standards Organization) and NIST (National Institute of Standards of Technology) standards, few Chinese manufacturers adhere to such frameworks.

The global auto industry, sourcing components from thousands of manufacturers worldwide, faces a significant challenge in validating the integrity of sub-components within vehicle operating systems. The need for manufacturers to rapidly implement new features and technologies can compromise the overall security of these connected systems. It’s important that consumers understand these vulnerabilities and take action to reduce their exposure to potential malicious acts.

Regularly updating vehicle systems ensures security updates are made to critical systems. Using strong passwords and deleting administrative passwords where possible can deter hackers from accessing vehicle systems. Deleting applications that you don’t use from smart phones and connected infotainment systems reduces access through unpatched app vulnerabilities. Consumers and dealers can further reduce personal data theft by deleting vehicle data systems upon resale. If user data isn’t intentionally deleted from the vehicle’s data-collecting systems, it persists even after ownership changes.  And don’t forget integrated garage door and gate openers.

The industry is evolving to a more connected transportation network, connected EVs, self-driving vehicles, and smart safety systems that connect GPS and intervehicle coordination all increase the challenges posed by nefarious actors. The first step in mitigating risk is understanding vulnerability and how consumers can take positive action to reduce it.

To learn more about how to mitigate this risk for your dealership and your customers, contact us in the form below.