Cybersecurity Risks in Connected Cars

Cars rolling off the assembly line today have many automated safety features and connectivity solutions, including lane departure warnings, automatic braking and limited self-driving, and other computerized control systems that were not present even a few short years ago. A recent report shows that over 40% of drivers admit that they do not understand how to use all of the technology in new vehicles. With these advancements comes increased cybersecurity risk from potential hacking and remote control from numerous access points including:

  • OBDII (On-Board Diagnostics v.2) — A physical port, usually under the dashboard, on the driver’s side of the vehicle. If you’ve brought your car to be inspected and they plugged a cable into your car, or, if your car insurer has provided a little device to plug into your car to “get you a discount,” that’s the OBDII port. It provides direct access to the car’s control system.
  • OTA (Over the Air) — Certain car manufacturers provide OTA updates to connected vehicles. Like app updates to a smartphone that happen behind the scenes, these updates generally happen without the vehicle owner being aware.
  • Bluetooth – Bluetooth connections also may serve as a point of entry, but this point of entry requires close proximity to the vehicle.

Extreme scenarios of a car’s control systems being compromised by malware could result in remote access to a vehicle’s steering and braking systems. A compromised vehicle could allow spying on the driver, monitoring the vehicle’s location, gathering of personal data or simply unlocking a vehicle and disarming its alarm to steal it or possessions left inside.

Legislation before the House Energy and Commerce Committee would penalize unauthorized use of OBDII ports.  Senators Edward J. Markey and Richard Blumenthal in the U.S. Senate have introduced the Security and Privacy in Your Car “Spy Car” Act, which would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission to establish national standards to secure cars and protect driver privacy. The legislation also would establish a rating system – or “cyber dashboard” – that informs consumers how well the vehicle protects driver security and privacy. The NHTSA itself has released non-binding guidance on cybersecurity for the auto industry. The guidance is voluntary but provides best practices.

Share via
Copy link
Powered by Social Snap