By Arun Ganesan, VP & CTO, Esurance
For the last century or so, carmakers have been looking for innovative ways to make their vehicles safer. Simply buckling your seatbelt, for instance, reduces the risk of death by 45 percent and the risk of serious injury by 50 percent.
But in the era of connected cars, drivers are facing a whole new world of safety threats that can’t be thwarted by a seatbelt or an airbag. Every device you connect to the internet gives cybercriminals a new window to steal your data—and connected cars are no differ ent.
Here are three of the high-tech threats facing connected-car owners, along with the ways automakers are trying to get ahead of those threats.
Car hacking is one of the scariest modern-day threats to drivers. In 2015, Wired proved this to the masses in an article demonstrating that hackers with the right know-how can disable a car’s engine from just about anywhere in the world. No direct contact with the vehicle is even necessary. What’s worse, they can pull off this frightening exploit while the car is barreling down the highway at 70 miles per hour.
Manufacturers understand the business risks associated with high-profile data breaches and they take serious measures to protect the data they collect
The key to car hacking is the simple cellular connection that allows your car to give you GPS directions, call for roadside assistance or manage your in-car entertainment. Digital invaders can use this technology to commandeer crucial functions like braking, acceleration, and steering.
The discovery by Wired grabbed the attention of automakers in a major way, leading to the recall of 1.4 million vulnerable vehicles from multiple manufacturers.
In an attempt to get ahead of automotive cybercriminals, the auto industry also formed the Automotive Information Sharing and Analysis Center (Auto-ISAC) to cooperatively track cyber threats and identify potential exploits in-vehicle electronics.
According to a recent Esurance report, most cars built after 2014 are collecting data—a lot of data—and sending it back to the manufacturer. This can include your driving habits, the roads you drive on and even the music you listen to behind the wheel. Some expect that as much as 25 GB of data about you and your vehicle could be transmitted every single hour.
While there are many safety benefits to carmakers collecting this data, it still opens a door for people who want to steal it. Fortunately, manufacturers understand the business risks associated with high-profile data breaches and they take serious measures to protect the data they collect.
Additionally, the European Union’s new General Data Protection Regulation Act includes new consumer protections requiring that drivers be informed of the types of data being collected about them, as well as the right to authorize who has access to it.
Though this new regulation only protects consumers within the European Union, it serves as a model for regulators around the world. With vigilant action from both automakers and governments, consumers in the coming years should have more control over what information they share, and hackers should have less access to it.
Connected cars aren’t the only ones vulnerable to high-tech exploits. In fact, any vehicle with a remote locking and/or starting system could be easily victimized by a “relay attack.” These schemes use radio-enabled key fobs that trawl for the specific signal emitted by the car owner’s key, then replicate it to unlock the vehicle’s door and even start the engine. It’s not the newest tactic in the book, but it nonetheless poses a threat to your vehicle and your information security.
The automobile industry assures consumers that it’s working on fixes for relay attacks but, until there’s a solution, you can protect yourself by storing your car keys in a radio-proof pouch or container.
Connected-car technology is still in its relative infancy. That means drivers, car buyers and automakers alike need to be aware of the risks that this modern tech presents and be proactive in protecting themselves.