Is Your Vehicle Hackable? Frequently Asked Questions

If you enjoy lighthearted British sci-fi, you may just remember a 2008 Doctor Who episode where a race of hostile aliens covertly wowed humanity with an advanced satellite navigation system, only to take control of millions of vehicles in a bid to wipe people out. 

Well, welcome to the future — where scenarios once squarely confined to the realm of science fiction have become very real! Not only are self-driving cars no longer a fantasy, but modern vehicles can also, indeed, fall victim to hacking.  

Is your vehicle safe, or would you be better off shopping for a classic car?

  1. From Carjacking to Vehicle Hacking: Is Your Car at Risk?

In short? Yes. Unless you have an analog vehicle with a manual transmission (also called a “dumb car” these days), cybersecurity should be on your radar as a driver. While the risk remains comparatively low, all vehicles with electronic components can be compromised. You don’t need to own a self-driving car to be at risk.

Let’s take a look at the most vulnerable components (while you make a mental checklist of the ones installed in your ride):

  • Infotainment systems are an appealing target — and not just for Tesla owners who want to access the heated seats for free. When malicious actors gain access, they can potentially track the car’s location, steal sensitive data, and mess with the entertainment system.
  • Telematics systems communicate with vehicle manufacturers to receive updates and transmit information. Digital break-ins could result in data theft and malfunctioning.
  • Engine Control Units, modern cars’ central computer systems, control things like transmission and engine performance. The implications are clear. 
  • Advanced Driver Assistance Programs play critical roles in modern safety features, including lane-keeping. Misleading these sensors could have catastrophic results.

If that sounds scary, what about this? Any component that relies on wireless communication can be interfered with, including fobs and other keyless ignition systems. If a car can be hacked, the app it comes with should be a piece of cake, no?

Research into the cybersecurity threats modern vehicles face has concluded that cars, where all these systems run on the same network, are most at risk, while manufacturers that isolate different components from one another successfully safeguard their vehicles.

  1. Which Cars Are Susceptible to Cyber Threats? 

A team of digital wizards at the famous Black Hat conference zoomed in on 24 possible targets and examined how easy it would be to take control of various parts of the vehicle — remotely, without physical access to the car. 

Although their findings are just a tiny slice of the pie, and the cars they looked at are far from the only ones that could be accessed remotely, they still offer fascinating insights. 

  • The team discovered the Cadillac Escalade, Jeep Cherokee, and Infiniti Q50 were among the most hackable vehicles. 
  • Hacking into the 2014  Infiniti Q50’s keyless entry system (which operates through an app) could potentially give malicious access total control over the brakes and transmission because of the vehicle’s interconnected design. Yikes!
  • The Audi A8, on the other hand, was found to be far less vulnerable. By isolating critical systems accessing wireless connectivity from each other, Audi has managed to build a robust, hack-resistant “smartphone on wheels.” 
  1. How Concerned Should Drivers Be About Hacking?

The possibility that a malicious actor could compromise your vehicle doesn’t need to keep you up at night, but it’s certainly something to be aware of. The year 2019 saw around 150 cyber incidents involving a vehicle (although the precise numbers remain unclear), and Upstream’s most recent automotive security report warned that API-related attacks had increased by 380 percent in 2023. 

However, drivers should also be aware that car manufacturers take these threats extremely seriously — after all, their reputation and sales depend on their security measures! Automotive brands work with ethical hackers to identify potential threats as soon as possible, and they patch vulnerabilities as soon as they become aware of risks.

  1. What Happens if Your Car Is Compromised?

Honestly? In most cases, the digital route simply provides another way to commit an old and familiar crime — grand theft auto. Instead of physically breaking in, thieves may seek to clone fobs or unlock the car remotely. After that, they’ll look for a way to start the vehicle. 

The potential for security breaches, where criminals gain access to location and other data, should also be acknowledged. 

Fortunately, the risk of a black hat actor driving your car into oncoming traffic is still incredibly remote. (We’re not saying it isn’t possible, though.)

  1. What Can You Do to Protect Your Car from Cyber Attacks?

As a driver, you can do a lot to protect your vehicle from scary attacks. The proactive steps you can take include:

  • Making sure your car’s software and the associated app are always up-to-date, and installing security patches as soon as they become available.
  • Use strong passwords and multi-factor authentication for any accounts and services associated with your car. If you want to be extra-secure, consider looking into hardware tokens such as Yubikeys, which cannot be manipulated remotely.
  • Avoid connecting your smart car or devices with car-related apps to public WiFi networks, which are especially vulnerable.
  • Stay up-to-date about news related to your particular car model. If a risk emerges, you want to be one of the first to know about it!
  • Research vulnerabilities as you gear up to buy a new vehicle, so you don’t accidentally buy one of the most hackable models.

Finally, contact an authorized service or your car manufacturer immediately if something is “off” about the way your vehicle’s digital features are behaving. Don’t chalk it up to “whatever,” and never tell yourself you’re just being silly. Better safe than sorry, right?

  1. Final Thoughts

Yes, your vehicle is at risk of cybersecurity breaches if it has any connected features at all — but so are your computer, phone, Ring doorbells, Alexa devices, and (potentially!) even your smart washing machine, cat water fountain, or rice cooker. 

Don’t let that stand in the way of progress, unless you’re just looking for a great excuse to finally buy the classic car you’ve always wanted. Manufacturers are proactive about managing security, and drivers can play their part, too. Learn about the best ways to protect your connected car, and you’re probably good to go.