As cars become more dependent on computers, are they more vulnerable to hackers?
The advent of connected cars has brought a number of conveniences and creature comforts many drivers now take for granted. Apps like OnStar provide contact with emergency services at the touch of a button, assist with navigation, can create a Wi-Fi hotspot, and much more. Bluetooth technology allows for hands-free use of your cellphone and other entertainment devices in your vehicle. Connected cars can integrate these technologies seamlessly, but this convenience could be opening doors to criminals who want access to your property and sensitive information.
Some connected cars rely on more than 100 million lines of code, providing what experts call a large “attack surface” for sophisticated hackers. With nearly every added device, that window of opportunity for criminals becomes wider. Emerging apps like those that allow for shopping from your dashboard computer only increase potential risk of losing important personal information to savvy hackers.
Fortunately, car hacking has so far proven too time-consuming and difficult to make a lucrative business for most criminals, experts say. As cars become more connected to the internet, however, they will become more vulnerable, making car hacking a more practical and attractive prospect to cyber criminals in the future.
How to protect yourself and your car
The FBI and NHTSA offer four tips to help minimize your risk of being hacked.
- 1. Keep your vehicle’s software up to date. If you receive a notification about updating your vehicle’s software, verify that the update is legit (and not a phishing or malware scam) by contacting a local dealership or checking the manufacturer’s website. If you’re comfortable, you can install the software yourself (usually a USB drive containing the update is mailed to you), or you can make an appointment to have a dealership do it for you.
- Check for vehicle recalls. Some vehicles have already been recalled due to vulnerabilities to hacking. If your car has been recalled, the manufacturer should send you a notification informing you of the issue and how to get it fixed at no cost. You also can check SaferCar.gov to see if your car has been recalled.
- Don’t modify your vehicle’s software. Making modifications may affect the normal operation of your vehicle and introduce new vulnerabilities that could be exploited by an attacker.
- Be careful about connecting third-party devices to your car. According to the PSA, “All modern vehicles feature a standardized diagnostics port, OBD-II, which provides some level of connectivity to the in-vehicle communication networks.” Normally, mechanics and technicians use this port to inspect your vehicle’s systems and emissions. But other devices, such as vehicle monitoring tools available to consumers, can also plug into the port. An attacker may be able to use these to access your car and data remotely.
- Know who has access to your car. Just as you wouldn’t leave your computer or phone unlocked or with someone you didn’t trust, follow the same policy with your car.