Constant menace from cyberattacks that could jeopardise the integrity of internal systems, sensitive data or the ubiquitous electric power grid where charging stations are to be found — causing the car to be rendered inoperable and the owner to suffer in all sorts of other ways.
Tapping into its computer system, or controlling its steering, engine and brakes remotely, can put drivers at risk.
Hackers
Connected cars are plagued by the main threat coming from hackers. Owing to Bluetooth connections, despite the internal security, hackers can pose to car systems, including infotainment and engine controls; theft of personal data; hijacked driving sessions; power grid shutdowns. Some of the recent attacks on the internet have been terrifyingly violent in their imagery. Not all vandals or hackers are common criminals trying to steal or ransom money; some can be hired as security consultants, and others are attacked themselves. To lessen the risk of such crisis, all drivers can disable in-car mild systems he/she is not frequently using and download only applications which has been manufactured by authorised manufacturer. Also, it is important for all drivers to report immediately to an authorised service centre or manufacturer about a strange sysbtem behaviour or an invasive system malfunction.
Data Theft
As long as automakers, Tier 1 and 2 suppliers and insurers are not able to ensure that drivers’ connected cars are truly secure, a breach where personal information collected, generated or shared by vehicles falls into the wrong hands is a risk for their owners. Hackers are finding multiple ways to break into connected vehicles and their apps, and to gain access to their information and settings. Phishing attacks are one of the primary means of attacks on connected vehicles and their apps. Brute force attacks, where hackers attack known vulnerabilities in systems directly, remain another serious threat to connected cars and their apps. Thus, consumers need OEMs and Tier 1 and 2 suppliers to be more transparent about the data that connected vehicles collect, and how consumers can change their privacy settings or opt out completely. It’s already well-known, simple technologies like strong passwords and encryption that can strengthen the chain against data theft. Insurers like HSB are responding with new policies, such as Cyber for Auto coverage that addresses this increasing risk.
Cyber Forensics
As the number of car systems that connect to the web increases, it’s opened up new avenues for hacking, including the possibility of subverting engine controls, tirepressure sensors and entertainment channels for streaming music and podcasts. Drivers need to minimise vulnerabilities like access points for hackers by turning off functions that they don’t tend to use, keeping their software patched up to date, and avoiding third-party devices or apps that might create vulnerabilities. Insurers have gotten the message: a handful of firms are selling cyber insurance policies to offset hacking, ransomware and other forms of online extortion. HSB, for example, developed a Cyber for Auto insurance product that covers connected cars for attacks. ‘We’ve found that consumers sometimes forget that [their] personal data – that lives on that car’s entertainment informatics unit (EIU) – could contain and disclose contact lists, email addresses and information about their driving habits,” says HSB’s Managing Counsel Del Coglianese. This data could then be used for identity theft or to extort money from drivers.
Cyber Liability
As cars become networked and take over-the-air updates or double as Wi-Fi hotspots, vehicles bear more cyber risk regardless. Automotive hacking might be a lower-probability vector than identity theft, but consumers must steel themselves to the reality, while insurers develop an understanding of this new risk and take action in tandem with automotive OEMs to educate drivers on ways to safeguard their vehicles. Users should focus on securing their networks by sticking to secure Wi-Fi networks, using a firewall to prevent unauthorised connections; create strong, unique passwords combined with two-factor or multi-level authentication to dramatically reduce the chances of unauthorised logins; and never connecting to unsecured public Wi-Fi, unless they’re connecting to their own secure private network at home, or using a hotspot guaranteed to do the same. Car companies, Tier 1 and 2 suppliers, and the insurers, must maintain much stricter privacy policies that outline what could go wrong and how to fully opt-out of the entire data collection programme platform that they are setting up. They should implement rate-limiting to provide API activity logging, another great mitigation technique to protect against attacks on your vehicle and related infrastructure.
