Why we should be cautious of the connected car

Internet-connected vehicles offer convenience but pose cybersecurity risks. Hackers could steal data or seize control, endangering lives. Automakers must prioritize robust security to protect drivers.

The Cybersecurity Risks of Internet-Connected Vehicles

Introduction

The rapid integration of internet connectivity into everyday objects has transformed modern life, creating an interconnected ecosystem known as the Internet of Things (IoT). From smartwatches and fitness trackers to entire homes equipped with intelligent appliances, this trend toward ubiquitous connectivity has reshaped how we interact with technology. Inevitably, the automotive industry has embraced this shift, with many modern vehicles now featuring internet capabilities, such as infotainment systems, navigation tools, and even Wi-Fi hotspots. While these advancements offer unprecedented convenience and functionality, they also introduce significant cybersecurity risks. Unlike traditional computers, which benefit from decades of security development, internet-connected vehicles often lack robust protections, making them vulnerable to cyberattacks. This essay explores the potential dangers of compromised connected cars, particularly the risks to personal data and vehicle control, and underscores the urgent need for automakers to prioritize cybersecurity to ensure driver and public safety.

The Rise of Connected Vehicles

The automotive industry has undergone a technological revolution, driven by consumer demand for seamless connectivity and advanced features. Modern vehicles are equipped with a range of internet-enabled systems, including telematics for real-time diagnostics, over-the-air software updates, and infotainment platforms that integrate with smartphones. Some cars even function as Wi-Fi hotspots, allowing passengers to connect their devices to the internet. According to a 2023 report by McKinsey & Company, over 95% of new vehicles sold in developed markets by 2030 are expected to have some form of internet connectivity. This trend is further amplified by the rise of autonomous and semi-autonomous vehicles, which rely heavily on networked systems for navigation, sensor data processing, and communication with external infrastructure.

While these features enhance the driving experience, they also expand the attack surface for cybercriminals. Unlike traditional vehicles, which were largely mechanical and isolated from external networks, modern cars are essentially computers on wheels, with complex software ecosystems that can be exploited. The lack of standardized cybersecurity protocols across the automotive industry exacerbates these vulnerabilities, raising critical questions about the safety and privacy implications of connected vehicles.

Vulnerabilities of Internet-Connected Cars

The integration of internet connectivity into vehicles introduces several potential vulnerabilities. First, the software and hardware used in connected cars are often not designed with cybersecurity as a primary focus. Many automotive systems rely on outdated or unpatched software, which can contain known vulnerabilities that hackers can exploit. For example, a 2015 demonstration by security researchers Charlie Miller and Chris Valasek revealed how a Jeep Cherokee could be remotely hacked through its infotainment system, allowing attackers to control critical functions like brakes and steering. This incident highlighted the real-world implications of inadequate security measures in connected vehicles.

Second, the use of cars as Wi-Fi hotspots creates additional risks. When a vehicle serves as a network hub, any device connected to it—such as a smartphone, tablet, or laptop—becomes part of the same network. A compromised car could serve as a gateway for attackers to access these devices, potentially exposing sensitive personal information such as credit card numbers, addresses, or login credentials. Moreover, the vehicle’s own systems, including GPS data, diagnostic logs, and user profiles, could be accessed, leading to privacy breaches or identity theft.

Perhaps the most alarming vulnerability is the potential for an attacker to seize control of a vehicle’s critical systems. Modern cars rely on electronic control units (ECUs) to manage functions such as acceleration, braking, and steering. If a hacker gains access to these systems through an internet connection, they could manipulate the vehicle’s behavior, potentially causing it to stop abruptly, accelerate uncontrollably, or veer off course. Such scenarios pose significant risks not only to the vehicle’s occupants but also to other drivers, pedestrians, and infrastructure.

The Threat of Cyberattacks on Connected Vehicles

The consequences of a cyberattack on an internet-connected vehicle can be catastrophic. At the individual level, a compromised car could lead to the theft of sensitive data stored in the vehicle’s infotainment system or connected devices. For instance, navigation systems often store home addresses, travel histories, and other personal information, which could be exploited for stalking, burglary, or fraud. In a 2022 study by the Ponemon Institute, 68% of surveyed vehicle owners expressed concern about the potential for their personal data to be stolen through their car’s connected systems.

More disturbingly, a cyberattack that compromises a vehicle’s control systems could result in physical harm. Imagine a scenario where a hacker remotely disables a car’s brakes on a busy highway or manipulates a self-driving car’s navigation to cause a collision. Such incidents could lead to injuries, fatalities, and significant property damage. The 2015 Jeep Cherokee hack demonstrated that such attacks are not theoretical; researchers were able to remotely control the vehicle from miles away, prompting a recall of 1.4 million vehicles by Fiat Chrysler Automobiles to address the vulnerability.

The rise of autonomous vehicles amplifies these risks. Self-driving cars rely on complex networks of sensors, cameras, and software to navigate roads and make real-time decisions. A cyberattack that disrupts these systems could render the vehicle inoperable or cause it to misinterpret its environment, leading to accidents. For example, a hacker could manipulate a self-driving car’s lidar or radar systems to create false obstacles or ignore real ones, with potentially deadly consequences. As autonomous vehicles become more prevalent, they will likely become prime targets for cybercriminals seeking to exploit their reliance on connectivity.

The Broader Implications for Society

The cybersecurity risks of connected vehicles extend beyond individual drivers to society as a whole. A large-scale attack targeting multiple vehicles could disrupt transportation systems, cause widespread panic, and undermine public trust in connected and autonomous vehicles. For instance, a coordinated attack that disables thousands of cars on a city’s roads could paralyze traffic, delay emergency services, and cause economic losses. In a worst-case scenario, such an attack could be used as a tool for terrorism or extortion, with hackers demanding ransoms to restore control of compromised vehicles.

Moreover, the automotive industry’s supply chain is highly interconnected, with multiple vendors providing software, hardware, and connectivity solutions. A vulnerability in a single component—such as a third-party infotainment system or a telematics module—could affect millions of vehicles across different brands. The 2021 SolarWinds cyberattack, which compromised multiple organizations through a single software supply chain, serves as a cautionary tale for the automotive industry. Ensuring the security of every component in a vehicle’s ecosystem is a daunting challenge, but one that must be addressed to prevent widespread vulnerabilities.

Current Security Measures and Their Limitations

While some automakers have begun to address cybersecurity concerns, the industry as a whole lags behind other sectors, such as finance and healthcare, in implementing robust protections. Common security measures in connected vehicles include encryption for data transmission, authentication protocols for software updates, and firewalls to protect in-vehicle networks. However, these measures are often inconsistent across manufacturers and models, and many vehicles still lack basic protections like intrusion detection systems or secure boot processes.

One significant challenge is the long lifespan of vehicles compared to consumer electronics. While smartphones and computers receive regular software updates to patch vulnerabilities, cars are often on the road for a decade or more, and many do not receive consistent updates. Even when updates are available, they may require a visit to a dealership, which can be inconvenient for owners and lead to delays in addressing critical vulnerabilities.

Additionally, the automotive industry faces a shortage of cybersecurity expertise. Developing secure systems requires specialized knowledge, and many automakers lack the in-house capabilities to design and test robust security measures. This gap is compounded by the complexity of modern vehicles, which can contain millions of lines of code and hundreds of interconnected components, each representing a potential point of failure.

Recommendations for Enhancing Vehicle Cybersecurity

To mitigate the risks associated with internet-connected vehicles, automakers, regulators, and other stakeholders must take proactive steps to prioritize cybersecurity. The following recommendations outline a comprehensive approach to securing connected and autonomous vehicles:

  1. Adopt Industry-Wide Cybersecurity Standards: The automotive industry should collaborate to establish standardized cybersecurity protocols, similar to those in the aviation or financial sectors. Organizations like the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE) have developed guidelines, such as ISO/SAE 21434, which outlines best practices for automotive cybersecurity. Automakers should adopt these standards and ensure compliance across their supply chains.

  2. Implement Robust Security Measures: Vehicles should be equipped with advanced security features, including intrusion detection systems, secure boot processes, and end-to-end encryption for all data communications. Over-the-air update mechanisms should be mandatory to ensure timely patching of vulnerabilities, and these updates must be authenticated to prevent unauthorized modifications.

  3. Enhance Supply Chain Security: Automakers must work closely with suppliers to ensure that all components, from ECUs to infotainment systems, meet stringent cybersecurity requirements. Third-party vendors should be required to conduct regular security audits and provide documentation of their security practices.

  4. Invest in Cybersecurity Expertise: Automakers should hire and train cybersecurity professionals to design, test, and monitor vehicle systems. Partnerships with academic institutions and cybersecurity firms can help bridge the expertise gap and foster innovation in automotive security.

  5. Educate Consumers: Drivers should be informed about the risks of connected vehicles and encouraged to adopt best practices, such as using strong passwords for in-vehicle systems and avoiding untrusted Wi-Fi networks. Automakers can provide user-friendly guides and tools to help owners secure their vehicles.

  6. Collaborate with Regulators: Governments should work with the automotive industry to develop regulations that mandate minimum cybersecurity standards for connected vehicles. These regulations should include requirements for regular security assessments, incident reporting, and consumer protections in the event of a breach.

  7. Prepare for Autonomous Vehicles: As self-driving cars become more common, automakers must prioritize the security of autonomous systems. This includes implementing redundant safety mechanisms to prevent unauthorized control and conducting rigorous testing to identify and address vulnerabilities.

Conclusion

The integration of internet connectivity into vehicles represents a significant leap forward in automotive technology, offering drivers unprecedented convenience, safety, and efficiency. However, this connectivity comes with substantial risks, from data breaches to the potential for remote vehicle hijacking. As connected and autonomous vehicles become increasingly prevalent, the automotive industry must act swiftly to address these vulnerabilities and protect drivers, passengers, and the public. By adopting industry-wide standards, implementing robust security measures, and fostering collaboration among stakeholders, automakers can ensure that the benefits of connected vehicles are not overshadowed by the dangers of cyberattacks. The potential for a compromised car to cause physical harm or widespread disruption underscores the urgency of this issue, making vehicle cybersecurity one of the most critical challenges of our time. Only through proactive investment and innovation can the automotive industry safeguard the future of transportation and maintain public trust in the era of connected mobility.

Unknown's avatar

Author: WarsOfZerosAndOnes

My name is Carlos Aguilar and I graduated from Bellevue University in Master of Science in Cybersecurity

Leave a comment

Design a site like this with WordPress.com
Get started