Whilst owning a ‘connected’ car allows you to use handy functions like remote car locking and smart phone linking, did you know that this stored private data can make you susceptible to fraudsters? Here, Uswitch make us privy to some of today’s most common cyber scams.
If you own a connected vehicle, chances are you probably think this won’t happen to you. However, in 2019, the number of reported cyberattacks on ‘connected’ cars increased by 99% from the previous year alone.
Currently, 67% of new UK cars are connected, meaning that over two thirds of the nation’s newest cars are vulnerable to personal data fraud. It’s also predicted by that by 2026, 100% of new cars will be ‘connected’ suggesting that the number of fraud cases are only set to rise.
Connected cars can also collect up to 25GB of personal data every hour. As all of this data is stored, cyber-attackers could access this information should they hack into the car or its linked devices.
A standard connected car uses 150 million lines of code – a staggering 103.5 million more lines of a code than a Boeing 787 jet.
Scammers only need to change a few lines of code to steal personal data. Recently, cybercriminals recently stole 380,000 people’s data from British Airways by changing just 22 lines of code.
How cyber-attackers can access your personal data stored via your car
What’s most shocking is the simplicity in which this fraud can take place so here are the most common:
The scam: Keyless car theft
One person stands by the car with a transmitter, and the second stands at the property with a device to pick up a signal from the key. The signal is relayed to the transmitter and the car unlocks with the fake signal.
Ninety-two per cent of cars recovered from theft in 2019 were stolen without the keys. This takes as little as ten seconds, and can be done whilst you’re in your home.
How to prevent it
Use steering or wheel locks or other physical measures to deter car thieves. Use a fob blocker and metal-lined wallets to protect your car fob’s signal.
The scam: Weakness in connected mobile apps
Apps that communicate directly with cars are released all of the time, but they’re a tempting target for criminals. If the app has vulnerabilities, hackers can gain authorised access to your data and the features of the dark.
A high-profile example is Nissan whose app failed security testing; they were able to hack into to the car and remotely control the car’s heated seating, fans and air conditioning.
How to prevent it
Only download official apps from Google and Apple stores. Be mindful of app permissions – if it doesn’t seem relevant to the app’s function, then it’s a red flag.
The scam: Remotely taking control of vehicles
Hackers can control safety-critical aspects of a car – such as steering control, braking and turning off the engine. This is done by hacking into a car’s internal network, and controlling the system and safeguards.
Cybersecurity researchers proved this could be done by hacking into a Jeep, and interfered with its control whilst it drove down a busy road. They could even accelerate or slam the brakes.
How to prevent it
Limit the number of connections and personal data you trust your car with – sticking to essential functions makes you less vulnerable.
The scam: Theft of personal data
Your vehicle’s built-in apps tracks personal data such as your location, entertainment preference and even financial info. With this, there is an increased opportunity for hacks to steal your data via remote access, through text message scams, spyware to even intercepting signals.
How to prevent it
Connected cars produce up to 25GB of personal data every hour – including data about the driver, vehicle and passengers, so be sure to clear all personal data from your car before selling it. Keep your software in your car up to date as this is staying one step ahead of the hackers.
Jonaton O’Mara, a cybersecurity expert form CompareMyVPN commented, “Even if basic privacy measures were put in place, we feel anonymised data can be easily matched with other elements to break down any attempts to promote user privacy.
“In addition, the car companies themselves can now collect huge swathes of rich personal data — mainly location-based and habitual movements.
“However, this also covers connected device activity such as calls made, messages and phone numbers, which for privacy-concerned individuals is quite alarming.
“What we need is pressure from regulators and the cybersecurity industry to ensure that connected car data is both encrypted end-to-end to reduce any threat from a third party as well as what data is actually stored and kept.”