‘Help, somebody hacked my car!’ How secure are connected cars?

Security is a key item on every company’s IT agenda these days. The rise of the ‘Internet of Things’ (IoT) and the use of data make cybersecurity even more important. Even for the automotive industry, where tens of millions of cars will be connected to the internet in the coming years. But how secure are ‘connected cars’ today?

The internet has facilitated our lives in many ways. As soon as we connect something to the internet, a world of possibilities opens. In our homes, smart technology allows us to switch on the heating while we are still at work. Or use our smartphone to lower the shutters and adjust the lighting depending on our mood. Car manufacturers in turn are pushing the boundaries of our driving experiences with similar technologies. By now, connected cars are equipped with all sorts of smart features and often have WLAN (Wireless Local Area Network).

It allows our car to access more and more data, but also to generate its own data and communicate with other IoT devices and infrastructure. A connected car uses this data, for example, to get you to your destination as quickly, safely, and cost-efficiently as possible. By providing useful information about, among other things, traffic and weather conditions. It can also figure out the most economical places to refuel or charge. Your car can even help you avoid collisions and make emergency calls.

From the moment you connect a device to the internet, you have created a potential gateway for hackers. Unfortunately, the same is true for connected cars. Without the proper security measures, cybercriminals can walk away with personal information about your journey or even with more sensitive data. They can also manipulate the cruise control or braking system. In extreme cases, hackers might be able to steal your car. Think of vehicles equipped with digital keys or wireless applications that allow you to lock or unlock the car remotely.

When using hardware and software, you should also make sure that you always install the latest updates and patches. Developers are constantly screening for new threats and vulnerabilities that must be resolved. For the same reason, you should not wait too long when your PC or smartphone requests to download an update. On top of that, some applications are developed by third parties, which makes it even more challenging to avoid vulnerabilities.

Since the automotive industry has little or no experience with cybersecurity, those risks were certainly an issue in the early days of connected cars. Three years ago, a survey by Ponemon Institute found that as many as 30% of automotive companies did not even have a cybersecurity team in place. Most participants also indicated that their organization lacked the skills, budget, and resources to guarantee security.

Fortunately, the sector has made great progress in recent years, also thanks to the cooperation with leading players from the world of cybersecurity. To achieve maximum protection, security must be integrated in all layers: from design to production and even dismantling – after all, connected cars can also end up on the second-hand market. Security by Design is an important concept to ensure the protection of connected cars. In other words, security must be incorporated from the design phase rather than being added at a later stage. To prevent hackers from stealing data, all information exchanged by the car must also be encrypted.

However, not all responsibility lies with the car manufacturers. As with any form of technology, the end user is probably the weakest link. Companies invest enormous amounts of money in security but clicking on a suspicious email is still enough to invite hackers in a system. Connecting our cars with personal devices therefore creates an additional risk. If a driver installs an unreliable app on his smartphone and then connects that same device to his car, it could already open a gateway for cybercriminals.

Meanwhile, the number of connected cars is increasing exponentially. Driven by 5G, we will also get access to lots of new IoT applications. It is expected that by 2022, around 125 million cars will have an internet connection. The importance of cybersecurity can therefore no longer be underestimated and will be top of the agenda in the coming years within the automotive industry as well. But at the end of the day, cybersecurity is a shared responsibility of many different players: car manufacturers, governments, and of course we as end users.