Deep Dives Level Up Newsletters Saved Articles Challenges

7 cyber threats for smart cars

By David Lukić

Oct 4, 2020


Technology has made it easier for mechanics to identify and detect issues with vehicles. In fact, current trends are toward making a car completely autonomous so that a human driver does not need to be behind the wheel. While technology offers promise and opportunity, it can also sometimes pose a danger when hackers take advantage of it to control the vehicle. Here is what you need to know about the top threats for smart cars.

Remote hacking

Cybersecurity statistics show that one of the biggest consumer concerns about smart cars is privacy and whether the vehicle can be hacked. Researchers Charlie Miller and Chris Valasek were able to remotely gain access to the electronic systems of a Jeep Cherokee simply by knowing the IP address of the vehicle, which was public. Anyone with an internet connection could gain control over some of the functions of the vehicle if they just use a lookup smart car and input the vehicle’s VIN.

Installation of malware

Hackers who can gain access to a smart car’s onboard computer may be able to install infected apps, malware, and other security threats that input malicious code and allow the hacker access to the vehicle’s entire system. Hackers were able to infiltrate the Jeep Cherokee by accessing its infotainment system. Other hackers were able to insert a USB flash drive into a vehicle’s dashboard. Researchers were able to find the same vulnerability in Volkswagen and Audi smart cars. A team of researchers from New York University Tandon School of Engineering and George Mason University have identified security flaws in some of these systems that allow hackers to exploit these vulnerabilities and override the vehicle’s safety features.

Once a hacker cracks into a vehicle’s computer system, they may be able to install malware that can wreak havoc on the vehicle. If this happens, the hacker may be able to access an owner’s personal information. Additionally, they may also be able to alter alert systems such as if tire pressure is low or emergency brake sensory systems have problems, which could result in the driver getting in an accident or even dying.

Insecure apps

Researchers also found that mobile apps that are connected to smart cars may make smart cars more vulnerable to hackers. Researchers made startling findings, including that the studied apps:

– Contained little or no code to prevent the electronic unlocking of doors.

– Did not encrypt username and password credentials.

– Allows smart cars to be potentially compromised if mobile Trojans were used through the apps.

Researchers also found a security flaw in a popular electric scooter that connects a mobile app through Bluetooth that would allow a hacker 100 meters away to send commands to the scooter through the app without even needing a password.

Data gathering vulnerability

Sometimes, hackers may be able to obtain access to a vehicle if the manufacturer uses a third-party backend service to gather data or save data over the cloud.

Backdoor access

The use of mobile phones has increased dramatically and that poses a serious cybersecurity threat to individuals and businesses. Mobile phones tend to have fewer security features used on them, so a person with a vulnerable phone who connects it to their smart car may grant backdoor access to a hacker from their phone. This is especially true for Android users who may download insecure apps.

Installation of illegal diagnostic firmware

Another cybersecurity concern arises if a person installs an illegal firmware programme to help diagnose their vehicle’s mechanical problems or to reset the mileage on a car. Hackers may use a Trojan through this firmware to gain access to the smart car’s computer system.

Smart alarm hack

Researchers identified critical cybersecurity vulnerabilities in two of the world’s largest models of smart alarm systems which affected 3 million vehicles. Hackers were able to conduct penetration testing to detect the vulnerability, which allowed hackers to exploit the smart car’s alarm system. This allowed them to unlock the car and gain private information about the owner.

How to protect vehicles from cybersecurity threats

Today’s vehicles rely on technology now more than ever before. Apart from technical testing, checking for third-party interference may become part of your routine inspection in the coming years, especially if you are purchasing a used car.

It is important to understand how these attacks can occur so that you can fix them. Fortunately, there are several ways that you may be able to protect your customers’ vehicles (and your own) from cybersecurity risks, including:

Update software and firmware

Just like with phones, smart car systems may need to be occasionally updated. Many of these updates include security patches to fix discovered vulnerabilities. You can check for updates online by looking up the smart car make and model. You should also sign up for manufacturer updates so you are automatically notified when they report issues and updates.

Be careful with the apps you install

Consider every app you install in your car as a potential source of malicious code, viruses, or malware. Only use official apps from legitimate sources to prevent possible attacks.

Don’t install illegal firmware

Avoid installing illegal firmware or aftermarket accessories.

Install antivirus software

Help your customers avoid potential issues by installing antivirus software that can scan for malware and other issues.

Secure wi-fi

Make sure that the car owner has a secure wi-fi connection, is not using default passwords, and has not given out passwords to the vehicle’s wi-fi.

Check for malware

It is possible that the car owner may have taken their vehicle to an untrustworthy mechanic before you, so check for malware or signs for it when inspecting the vehicle.

Deactivate services

If you can’t find the source of the problem, consider deactivating all connected services to cut off entry points.