The demand for connected-cars has been rising and most of the connected-cars have been sold to customers. A connected car is a car that is equipped with Internet access and allows the car to share internet access with other devices including outside and inside the vehicle. The connected-cars are convenient, modern and expensive but it creates a massive opportunity for attackers to hack these connected-cars and make it easy to steal. The connected-cars are also called “robotic vehicle” Ford auto-driving car and Renault Kwid are some examples of a “robotic vehicle” that may drive themselves.
According to a report released by cybersecurity firm Upstream Security,
“In 2020, the connected-car market will reach a tipping point, with the majority of vehicles already connected to the Internet when sold in the United States, representing a large base of potential targets for attacks.”
It was reported that connected-car companies were attacked more than 150 times this year. The vehicle hacked incident including stealing cars by hacking keyless entry fobs to tracking trucks by compromising online fleet services. ProTrack and iTrack are two GPS services that hackers use to find the connected-cars. Users who had the default passwords were more targeted and attacked by hackers, accessing 27,000 accounts between the two services since April 2010.
Moreover, users with the weak passwords were targeted as it was easy to guess the password by Brute Force attacks. Also, a hacker can easily steal Tesla by using a key less entry bypass. In some cases, State-sponsored terrorism of Vietnam stole information on 3.1 million Toyota customers. The attackers have mostly two motives for hacking the vehicle; data breach and stealing vehicles. However, when riding the connected-car and imagine your car getting hacked and the car getting out-of-control in the middle of the highway, it is something that we should be worried about while driving the connected-car as it is dangerous.
GM, Toyota, and Ford are the top-three best carmakers in the U.S and they are planning to sell only connected-cards from 2020. On the other hand, other carmakers in the US are also planning to sell only connected-cars from the five years now. According to Upstream, “Most attacks focus on the keyless entry system (30%), the application servers for the service (27%), the mobile application for the service (13%), or the onboard diagnostic port used by mechanics to service the vehicle.” The report also stated that once the hackers get access to the telematic server then the hackers will get access to everything that is connected to it including apps, data and all the connected vehicles.
In order to make sure the cars are well secured and less exposed to vulnerabilities, the car companies have started paying ethical hackers for finding the vulnerabilities through many platforms such as HackerOne. Tesla kicked off a bug bounty program in 2014, General Motors in 2016 and Ford in 2019. It was also stated that security is something that companies are investing a lot of money and time as the users or drivers do not have the capabilities to protect the car except with the strong username and passwords.
There are many ways to protect your cars which are; by hiding your car’s WiFi, turning of your car’s Bluetooth and WiFi when you are not using, always make sure to up to date with the new version and software update, and make sure to keep in touch with your car’s manufacture in case if you have any problem in the car.
