Thinking of Buying a Connected Car? Don’t Ignore These Cyber Risks

• Published Date: June 20, 2022

With robust technological advancements, connected and self-driving vehicles have become one of the biggest global trends in short time. The basic idea of these technologies is to lessen the burden on the driver and keep passengers connected to the outside world. As per statistics, most of the motor vehicle accidents (MVAs) happen due to human error, which is precisely the risk these new automobiles seek to counter.

Advanced dashboard displays offering extensive information on the vehicle functionalities and best routes; internet connectivity with other vehicles, roadside infrastructure, and mobile devices of passengers; and advanced driver assistance systems (ADAS) equipped with more electronic components than a modern laptop are the defining features of these vehicles

However, almost like just about everything, such extensive connectivity and digitalization have a major downside…the inherent risk of a cyberattack! Internet connectivity means criminals no more need to steal a car physically; it can all be done sitting on a laptop or even with a smartphone, by hacking into the car’s computer and overriding just about every program. This is why software vendors are increasing their focus on the automotive cybersecurity market, which is set to reach $7,280.2 million by 2030.

Biggest Cyber Risks for Individual Vehicle Owners

Cyber risks for individual vehicle owners have been known since at least 2015, when researchers were able to command the controller area network bus of a car, thereby gaining access to the windshield wipers. Similarly, 2019, by manipulating the OEM back-end, scientists were able to get into the door control software. Moreover, one incident included the hacking of the car’s Bluetooth, thereby allowing miscreants to listen in on the passengers’ conversations inside.

Thus, by taking control of the entire connected vehicle, which has happened multiple times in the past, criminals could pose the following serious risks to individual vehicle owners:

• Remote Theft: The most-obvious risk for individuals and even fleet owners is remote car theft. Thieves could disable the vehicle alarm or cut it off from the OEM app installed on the users’ smartphones, and drive the car away without even being in it.
• Overriding Programs: Another inherent cyber risk for individual owners could be the frequent malfunctioning of electronic components not because of any genuine fault, but due to infection by a computer virus. Without a robust automotive cybersecurity framework, owners might need to contact a technician to fix the problem repetitively.
• Physical Damage: The fact that self-driving vehicles, especially those with level 5 automation, can be controlled remotely puts passenger’ life at risk, more than anything else. With the vehicle driving ‘itself’, it would be rather easy for someone to control it remotely and deliberately make it overspeed and crash.
• Loss of Important Data: By hacking passengers’ connected devices via the vehicle’s internet system, criminals could steal important information, such as contact and financial details and, then, demand a high ransom to give them back to the owner. Or, they could simply use the financial details to rob vehicle owners off every penny they have!

Biggest Cyber Risks for Delivery Fleet Owners

Delivery fleet owners, primarily in the two developed regions of the world, already depend strongly on connectivity services, such as telematics and fleet analytics, to optimize their operations and make the out of their resources. This gives criminals a lucrative opportunity to hack into the entire fleet’s centralized software at once, thus posing the following risks:

• Delays in Delivery: Since e-commerce companies pride and differentiate themselves on cost-effective and swift deliveries, miscreants could take control of the fleet and reroute vehicles via a longer or heavily congested route, to result in delivery delays or no delivery at all.
• Financial Theft: For companies that integrate their payment apps with the digital mainframe of the fleet, the risk of remote financial theft is high. People with malicious intent could simply hack into the vehicle’s computers and link up with the payment gateway, thus either rerouting the payment to themselves or stealing it from the company’s digital accounts.
• Additional Emissions: Since fleet owners must now comply with strict emission norms, it gives an opportunity to cyber criminals to modulate the engine and exhaust settings to make the vehicle release more emissions than the norm, thus subjecting victims to heavy fines and even revoking of the driving license.

Biggest Automotive Cyber Risks for Public Services

Practically, the cybersecurity risks for public service agencies, such as urban transportation companies, police and military forces, fire departments, ambulance networks, and even pieces of roadside infrastructure, including traffic lights, digital signboards, street lights, traffic cameras, and automated warning systems, could be even greater. Here are a few specific ones:

• Emergency Service Disruption: Self-driving and connected ambulances, fire trucks, and police cars can be sent somewhere else, thus allowing fires to spread, criminals to escape, and people with medical emergencies to potentially succumb.
• Cyber Warfare: With cyber warfare becoming a reality, a massive potential exists for criminals, who could, for instance, make vehicles in a military convoy crash into one another, control the automatic rangefinders of autonomous tanks and artillery guns, and in extreme cases, even launch nuclear weapons, primarily from mobile platforms, such as trucks.
• Mass Genocide via Public Transport Crashes: A family car carries five people, while even the smallest bus carries 12–15. By hacking into the self-drive programs of a bus, it could be made to crash, thus killing many at once. This could be a scene right out of Speed 2: Cruise Control, but for buses. Moreover, with robotaxis becoming increasingly popular, public transportation companies will need to assess their requirement for a robust automotive cybersecurity framework.

Therefore, not only OEMs, but those who own vehicles are vulnerable to a cyberattack, without a robust security system. Thankfully, many governments and international organizations, such as the UN, which has implemented the World Forum for Harmonization of Vehicle Regulations, are making everyone aware of these risks. Automakers of connected and self-driving vehicles are being mandated to secure these automobiles as best as possible and demonstrate the functioning of their cybersecurity framework.

This has further given impetus to the field of cyber insurance, which is now finding increasing penetration among owners and makers of automobiles. Hence, with level 4 and level 5 self-driving vehicles expected to be available commercially next year and in 2025, respectively, partnerships between cybersecurity software vendors and automotive companies will become increasingly common and necessary.