Doorbells. Televisions. Alarm systems. Vehicles. What do these four unrelated things have in common? Nothing, really, aside from the fact that they’re now all connected to the Internet for some reason.
These products (and so, so many more) were all built with functionality and style in mind. You would be right to assume the original designers of these products did not have data security in mind, and that oversight is what consumers are faced with today. As such, hackers have seemingly endless entry points to steal the data that comprises your life — when you’re home, what media you consume, where you drive, and everything in between, thanks to our insistence on convenience and the Internet of Things (IoT.)
Just because you’re being paranoid doesn’t mean people aren’t after you. It’s highly concerning that in 2023, most people nonchalantly say yes to having Internet-connected cameras attached to the front of their house (doorbells) and placed strategically throughout the inside of their homes (alarm systems). We pay cable providers for the right to have our data sold back to us in the form of marketing, and we don’t hesitate when our vehicles ask if they can sync up with our other “smart” devices (e.g. your phone that has all of your contacts, calendar, and browsing history or perhaps your home-automation system that includes your garage door, cameras, alarm system, etc.).
Manufacturers know all too well that data has tremendous value. The functionality of a product sells; the security and privacy of that data is an unfortunate afterthought.
Now if you haven’t driven a newer vehicle lately, you are missing out on some incredible advancements in the ways automobiles can perform. From touchscreen monitors and blind-spot warning lights to assisted braking in emergencies, and automatic high-beam headlights, the future of automotive ingenuity has arrived with a flourish. Think about all that data being monitored, collected, and transmitted to whomever.
Driving today has never been safer or more enjoyable. However, driving also has never been more vulnerable to cyberattack from hackers due to the software that controls many innovative features.
Modern vehicles nowadays come equipped with an extensive range of automotive features driven by software that is responsible for functions like cruise control, engine timing, door locks, airbags, and countless other advanced systems. Deloitte research estimates that there will be more than 470 million connected cars in use by 2025 if their popularity continues to grow at the current rate. Beyond that, we’re witnessing the rise of driverless vehicles for users and the transportation of goods in test markets. These vehicles have a lot of IoT devices and use Bluetooth, cellular, and Wi-Fi technologies for communication. As a result, all of these factors make them especially susceptible to attack.
So, what can automobile owners do to mitigate the risks and protect their investments?
Creating Unsafe Driving Conditions
If there’s a will, hackers seem to find a way to infiltrate anything and everything with an Internet connection. From fish tank thermometers in casino lobbies to the car you drive your children to school in, nothing is safe from the prying fingertips of cybercriminals.
In the automotive world, two not-so-distant breaches come to mind: Chrysler having to recall 1.4 million Jeeps in 2015 due to an exposed vulnerability where hackers could gain access to the radio, control the steering wheel, and even disable braking; and a white-hat hacker who showed Tesla in 2017 that its entire fleet of vehicles could be accessed by exploiting a weakness in the automaker’s servers.
Cybersecurity has struggled to be invited to the design table with the technological innovations in the auto industry. As the world — and the vehicles we use to navigate it — becomes evermore connected via the Internet, the possibilities for malicious hacker activity are endless. From remote manipulation of critical safety systems to draining electric vehicle batteries while in transit, the concerns are legitimate and the dangers are all too real.
Minimizing Your Chances of Cyberattack
In order to fully enjoy and take advantage of convenient connected-vehicle features, you should learn a few steps to reduce the attack surface from bad actors who want to access your vehicle and driving data. Here are a handful of automotive cybersecurity best practices to shore up your protection:
1. Regularly update software
This is the most important step you can take as a cautious owner of any product that is connected to the Internet. Make sure to keep all software and firmware up to date with the latest security patches and fixes. In terms of automobiles, this includes the operating system, as well as any other software that runs on the vehicle’s systems. Be cautious when you download, though, as unauthorized software and systems are accidents waiting to happen. Always use a secure network and stick to official software from well-known and trusted brands to avoid unintentionally putting your digital (and physical) safety at risk.
2. Don’t subscribe to IoT services
This is a tough sell for a lot of folks, but features like Sirius XM and Google Maps are collecting information about your preferences and habits by the minute. Do you really need them? Consider unsubscribing from these types of services. Additionally, there is a diagnostic port under your dashboard that allows for the insertion of small tracking devices called dongles. These devices let various companies — namely insurance providers and automobile manufacturers — monitor your driving behavior or the performance of the vehicle. Remember: They are using your data to determine their risk of insuring you. If you insist on using a dongle while driving, consider removing it while not using the car to minimize the access that hackers have.
3. Disable transmission of data in your car’s system
The minute you hook up your phone to your car, it will typically download (“sync”) all the information off your phone, which may be sent back in part to the vehicle manufacturer. If you want to protect the privacy of data on your phone, remember you are trading some or all of your data privacy for the promise of convenience and functionality. But what about the vehicle data itself? As an owner, you do not have clear and definitive instructions about preventing the automobile manufacturer from collecting and potentially selling the data it collects on you to marketers; oftentimes, the data collection and sharing with “third parties” is baked into the functionality of the vehicle. Just know that thanks to a number of recently passed data privacy laws, you can opt out of data sharing by contacting the manufacturer or your local dealership and finance company. Be vigilant. Your data has value — otherwise, why would companies be so eager to collect it?
While automotive features are becoming more and more advanced, we have to be aware of the cyber and privacy threats that come with them. IoT devices in our cars can be easily hacked if we’re not careful, leading to potential unintended misuse, sale, or theft. To minimize these pitfalls, it’s important to take common sense precautions to minimize your data attack surface area. Do you have any questions about how to raise your cybersecurity and data privacy defenses in a modern automotive/IoT world? Leave us a comment below or contact our team of experts for more information.
About the Author:
Jason Robohm has over 25 years of IT experience identifying and correcting infrastructure security problems, as well as building information security programs; this encompasses the analysis of business compliance obligations along with project planning and implementation of innovative process management techniques aimed at improving information system uptimes and capabilities.