Digital threats to your car's security header

Digital threats to your car’s security

Today’s cars typically have more computing power than was used to put Neil Armstrong and Buzz Aldrin on the Moon. Engine management system, autonomous brakes, satellite location units, locks, airbags, digital displays, in-car entertainment systems and wi-fi connections - it’s easy to see why a modern coupe is in many ways a more sophisticated beast than Apollo 11.

But is all this technology effectively a Trojan horse that could open drivers up to the risk of hacking? Find out the most common digital threats to our cars, whether your insurance covers this type of crime, and how best to reduce the risk of hacking.

Car hacking awareness

We studied drivers in the UK and found awareness of the threat of car hacking to be alarmingly low. Less than 1 per cent (0.6 per cent) of drivers asked are aware of the most common hacking flaws their car might face.

These vulnerabilities could have a significant effect on driver safety. They include the car being tracked, controlled remotely or having its safety features disabled.

Awareness of the threat of car hacking is less than one per cent

Rising car crime

Despite an overall downward trend in vehicle crime since 2002, in recent years there has been a resurgence - particularly with regard to crime defined as "vehicle interference", which includes all offences not covered in another category.

Vehicle interference has seen a rise of 29 per cent since 2014, while vehicle theft saw an increase of 19 per cent from 2016-17. This increase in crime may be due to the increasingly widespread technology that allows for a greater range of "interference" with a vehicle.

Rising car crime graph

UK drivers experience of car hacking

When compared to other forms of cybercrime such as hacking emails or online banking or mobile phone accounts, consumers were less concerned about their car being hacked

However, a staggering 16 per cent of drivers declared that they or someone they know has experienced a form of car hacking, be that digital theft or another form of interference.

The results suggested this type of crime to be most prevalent in Coventry, where 31 per cent of those asked had experienced some form of car hacking crime, either personally or via someone they knew.

UK drivers experiences of car hacking

The study found that, while 18-24 year olds were least informed about specific car-hacking methods, they were also the most concerned about their cars being vulnerable, with 23 per cent worried that their vehicles would be hacked.

Overall, 19 per cent of people, or just under one in five, are worried about their car being hacked, with multiple car models on the road today having demonstrated a vulnerability to a keyless car hack which could open them in seconds.

Car security concerns

Many drivers would go as far as choosing an alternative spec when buying a car based on security concerns – 63 per cent of people asked wouldn't buy a keyless car as a result of these fears.

A further 19 per cent who have keyless entry on their vehicle are already taking additional security measures, including disabling their key signal while not in use, or even storing keys in a container which blocks electronic signals. Drivers should ask their manufacturer, dealer or garage for advice.

Keyless cars

Does insurance cover against hacking?

There’s uncertainty among drivers as to whether car insurers cover this type of car hacking, with 79 per cent of those asked not knowing if their insurance policy would cover them in the event their car was hacked.

Insurers and the government are working out how to cover fully autonomous vehicles. Specifically, they have been grappling with who is liable at what point - the driver, the car manufacturer or the manufacturer of the on-board computers?

In a bid to keep things simple, the approach can be distilled as:

  • Drivers will have one insurance policy that covers the vehicle when it is driven manually and when it is in autonomous mode
  • If the driver of an autonomous vehicle causes injury or damage to third party, that party can claim against the driver’s insurer regardless of what mode the car was in when the accident occurred.
  • Drivers won’t be held responsible for faults in the car’s systems, and they will be able to claim if they are injured or suffer loss because of a fault in the car.

As far as hacking activity such as keyless theft - so-called ‘relaying’ - is concerned, insurers will pay out providing the owner/driver has taken reasonable care to protect their property. Owners of cars deemed by insurers to be a particular risk of keyless theft may find they are charged higher premiums as a result.

79% of drivers don't know if their insurance policy would cover them

7 major car hacks

We’ve outlined the seven most common digital vulnerabilities drivers currently face, from gaining access to a vehicle via hacking the keyless entry to stealing driver location data.

Relay hack keyless entry

Normally, your remote car key signal won't reach from inside your house to a car outside. But using a ’relay box‘, criminals are able to boost the signal from your keys when they’re away from the vehicle and spoof the exact signal - causing your car to unlock and allowing the thief access.

Over a quarter (28 per cent) of drivers were familiar with this type of crime, more than any of the other six major car hacks.

How to stay safe: see if you can disable your key signal while you’re parked. Keep your key away from the front door. Consider keeping it in secure container - ask your manufacturer, dealer or garage for advice.

Keyless jamming

Criminals can also use tools to prevent your car key's locking signal from reaching your car. This means that your car remains unlocked when you move away from it, and the thieves are able to access your unsecure vehicle.

Just under a quarter (24 per cent) of drivers that were asked were familiar with this type of digital vulnerability.

How to stay safe: check your door manually. Use a steering lock. Never leave valuables in the car. Avoid loading bought items into your vehicle in a retail car park and then returning to the store or another outlet.

Tyre pressure monitor systems

Hackers are able to interact with sensors inside a vehicle's tyres to track the vehicle and display false tyre pressure readings. The practical application of this type of hack is less obvious and only 9 per cent of drivers were aware of this type of flaw.

How to stay safe: double check your tyre pressures on a regular basis. Ask the car manufacturer for guidance.

App Flaw Local Remote Control

Certain telematics companies provide vehicle security and tracking for a number of vehicles. While you might not directly use the features from these apps, many cars may possess them without your knowledge as many vehicle tracking apps integrate with their technology.

A misconfigured or deliberately altered server allows hackers to locate, unlock and even potentially start the engine of nearby cars.

How to stay safe: consult with your car manufacturer for guidance and support.

Controller Area Network (CAN) Disabled Safety Features

Using vulnerabilities in a car's wi-fi or phone connections, hackers can access the internal car network and send ‘denial of service’ signals which can shut down air bags, anti-lock brakes, and even door locks.

Despite the potentially significant outcomes of this, only 13 per cent of drivers asked were aware of this flaw.

How to stay safe: ask the vehicle manufacturer for advice. Change your passwords regularly.

On-Board Diagnostics Hack

Cars possess a feature called an "on-board diagnostic port" that allows garages to access the internal data of a vehicle to perform tasks such as checking service light faults and programing new keys for their owners.

However, kits which can use this port to program new keys can cost as little as £50, and hackers can use these to create new keys to access vehicles.

How to stay safe: always use a trusted, reputable garage and double-up on security with a steering lock or other physical device.

Phone Phishing

Wi-fi access to your car is made all the easier if you fall prey to a standard phishing scheme in advance.

Hackers will send emails with links to malicious websites or apps that then take your details or even take control of any applications you might have on your phone that enable you to interact with your vehicle.

How to stay safe: treat all emails from unknown senders with caution and, if in doubt, do not open or click on any links.

To ensure your car insurance provides the cover you expect always ensure you read the fine print of your policy document.

Ready to save on car insurance?

Get a quote in less than 5 mins

Get a new quote

 

Methodology

Survey data based on a OnePoll survey of 1000 UK Drivers, August 2018. 

Sources

https://www.wired.com/

https://www.telegraph.co.uk/

http://news.thatcham.org/

https://www.zdnet.com/

https://www.express.co.uk/

https://www.ons.gov.uk/

 

Find this helpful? You can share this article