A recent study from Uswitch, a UK-based price comparison service and switching website, stated that threat actors are constantly enhancing their attack vectors and targeting linked devices for data theft. Smart vehicles saw a 99% increase in cyberattacks in 2019, which is seven times higher from 2018 alone. Uswitch revealed that over 67% of new cars registered in the U.K. are smart cars, which is estimated to rise to 100% by 2026 and a market worth up to £52 billion (US$ 65.71 billion) by 2035.
According to the study, connected cars produce up to 25 GB of personal data every hour, including data about the driver, the vehicle, and passengers. It is said that a Boeing 787 jet has about 6.5 million lines of code, while a standard connected car has about 100 million lines of code.
Vulnerabilities in Connected Cars
Uswitch also found certain key vulnerabilities in connected cars that attackers can abuse to take control of the car, these include:
- Bluetooth
- Remote Key
- On-Board Diagnostics (OBD)
- Tire Pressure Monitoring System (TPMS)
- Remote Link Type App
- Steering and Braking ECU
- Lighting System ECU
Risks of Data Theft
The study stated that connected cars collect information like location and movement information. It may also store personal data like messages, phone numbers, calls made, and financial information provided by car owners. This occurs when users sync their phones with the car’s entertainment system. This allows hackers to find vulnerabilities in the car system and steal users’ data via remote access.
Keyless Car Theft
The study also revealed that “Keyless Theft” attacks are increasing significantly. Hackers scan for the signal your key passively sends out to the car, and remotely access the car. “This approach is sometimes known as “relay theft”. Essentially, a thief can receive signals coming from your car key fob, even through windows and walls. The hardware they use tricks the car into thinking the key is nearby and unlocks the doors. The process can take as little as 10 seconds,” the report said.
Preventive Measures
Uswitch listed certain guidelines to protect connected cars:
- Limit the number of devices connected to your vehicle
- Use steering or wheel locks that can discourage car thieves
- Keep your car’s software up to date
- Be mindful of what apps you download – it is best to install only trustworthy applications from Google Play or the App Store
- Wipe any personal data from your vehicle before selling it
With the number of connected cars increasing significantly, industry regulators should ensure that connected car data is both encrypted end-to-end to reduce cyber risks from third parties and monitor what data it should store.