It might sound like something out of a sci-fi movie, but it's a scenario that is swiftly becoming a reality. Cybercriminals are finding ways to bypass your automotive security defenses and hack into your vehicles.

It doesn't come as a surprise though, because modern cars are essentially computers on wheels. They are loaded with embedded electronic control units (ECUs) that monitor and control core vehicle functions, including the navigation, steering, brakes, entertainment, and the engine itself.

So how can hackers control your car? And how do you protect your vehicle from these criminals?

Automotive Cybersecurity and the Threat Landscape

Automotive cybersecurity is a branch of computer security focused on risks related to vehicles. The National Highway Traffic Safety Administration defines it as:

Cybersecurity, within the context of road vehicles, is the protection of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation.

As vehicles become more connected, they're also becoming susceptible to cyberattacks. Although any significant automotive security incident is yet to happen, the potential danger is terrifying.

According to the repository from Upstream.auto, there were around 150 incidents in 2019. That number may seem insignificant on the surface; however, it represents a 99 percent increase in cybersecurity incidents in the automotive sector over the last year. The industry has also experienced a 94 percent year-over-year growth in hacks since 2016.

It isn't just your data that is at stake here. Hackers could take control of your vehicle and make it obey them instead of the driver. They can use commands to activate or deactivate various automotive features that can lead to deadly consequences for commuters.

Related: Are Teslas Secure? How Hackers Can Attack Connected Cars

Want to see a demonstration? Check out this video from 2020 in which cybersecurity researchers hack into a Jeep Cherokee without any physical access to the vehicle. They could access the Jeep's entertainment system, mess with its brakes, steering, and transmission while a WIRED senior writer was driving it on the highway.

So the threat is real. And as more connected cars hit the roads, the risk of such attacks will only grow.

How Can Cybercriminals Hack Into Your Car?

Here are some of the ways cybercriminals can access automotive systems and make driving dangerous for you.

1. Remote Keyless Entry

Car Remote Key
Remote Keyless Entry

Key fob attack is the most common form of automotive hacking. It accounted for 93 percent of theft attacks in 2020, according to Upstream.auto, indicating a 27 percent increase over the five year period.

Most cars nowadays have a remote keyless system that allows you to lock or unlock the car, start its engine, and control the vehicle's windows and alarm system.

The key fob communicates with the vehicle within a range of five to 20 meters. It transmits encrypted RF signals, which are decrypted by the electronic control unit (ECU) and matched with stored data for successful authentication.

Cybercriminals can clone the encrypted radio signal and unlock the car with a counterfeit key. Here are a few ways hackers can exploit the keyless entry systems and break into a vehicle:

  • Using DoS attacks to disable the key fob and learn the sequence of data.
  • Cloning the transmitted frequency using Software Defined Radio (SDR) devices.
  • Using Remote Code Execution (RCE), a form of cyberattack in which the malicious actor executes arbitrary commands to access a vehicle from a remote server.

2. Smartphone Access

By hacking into your connected car, hackers can potentially gain access to the devices you have paired with the vehicle.

Any information you've uploaded into your system, including passwords, driving patterns, financial data, and credit card information, can be at risk as a result of the hack.

Hackers can also exploit apps for connected cars to get their hands on personal information about the car owner. There have been several incidents involving rental-car companies gaining unrestricted access to personally identifiable information (PII) of their customers. A leak of this type can become a major security risk.

3. Hacking Your USB Port

Cyberattacks through the USB data ports and other car interfaces are known risks in cars. Various studies have shown that modern vehicles can be compromised via USB ports and other inputs, including the infotainment system.

Most of these attacks are usually carried out using social engineering tricks where the hacker finds a way to access a car's system with a malicious USB device. Once inside, hackers can install malware and leverage resources paired with the vehicle.

This includes breaking into the driver's phone to access personal information such as bank authentication pins, messages, photos, and more.

Hackers can exploit the USB ports to mess with the car's firmware and make the driving experience difficult or dangerous for you. Therefore, it's advised you use a USB anti-data hacker charging adapter instead of a simple data cable.

4. Telematics

Car GPS
Telematic

As the car's electronic systems evolve, they're starting to require the same level of protection as your smartphone, computer, and servers. The advanced telematics navigation and tracking systems, which now come as standard on vehicles, make connected cars attractive targets to hackers, terrorists, and nation-states.

Related: What's the Best GPS Tracker for Your Car?

Essential features like the weather alerts and GPS location are being updated via vehicle telematics. Any compromise of the system may result in false weather info and wrong navigation, putting the car and passengers at significant risk.

How to Protect Against Car Cyberattacks

The risks to your car, personal data, and even life are scary, but there's a lot that you can do to minimize these risks. Here are some of the steps that you can take to solidify your security defenses.

Keep Your Systems Up-to-Date

Car manufacturers regularly send important patches and updates to sort out vulnerabilities in the system. It's always a good idea to enable automatic updates to ensure that all the software and internal systems are up to date.

Be Wary of Third-Party Software

Installing third-party apps and software can create vulnerabilities and put your car at risk. Make sure you install apps and tools approved by the car's manufacturer.

Limit Access

You should allow access only to people you trust. Try to hide your car's Wi-Fi code so that people cannot discover your network in public places.

It's also a good idea to switch off your car's Wi-Fi and Bluetooth when not in use.

Block Unauthorized Communication

Many cyberattacks begin by actors sending malicious codes and data packets to a target vehicle. You can avoid these attacks by installing an embedded firewall that can block unauthorized communication with the car's onboard computers.

An effective firewall will filter V2V (vehicle to vehicle) and V2X (vehicle to everything) communications and only allow authorized entities to communicate with the car.

Consider Cybersecurity When Buying Your Next Car

Automotive hacking has become a reality of the new world of connected vehicles. As a consumer, you should no longer buy a car based solely on its mileage, acceleration, torque, and top speed.

Always consider the security aspect of the vehicle before buying it. If there are access control features on the vehicle, make sure that you set strict controls. Set strong passwords and never share them with anyone.

With due diligence, you can avoid cyberattacks and keep malicious actors at bay.