Your Car Is Hackable—Here Are Three Steps You Can Take


We’re used to protecting the information on our smartphones by keeping strong passwords and setting a lock screen. But fewer people know about the importance of protecting the information in their vehicles.

Earlier this year, the automotive shopping website CarGurus asked 1,020 consumers questions about common security practices and the risks of connected cars. Here are three main issues the survey uncovered about connected car security:

1. Critical vehicle components are hackable. Many cars use Wi-Fi to help drivers with things like turn-by-turn directions, but this also makes vehicles the equivalent of large, traveling computers. And like any computer that uses Wi-Fi, cars can also become vulnerable to hackers if their security software isn’t updated. The survey found that an alarming 61 percent of respondents did not know that steering wheels and brakes are susceptible to hacking.

2. Syncing a phone puts personal data at risk. For many drivers, linking their smartphone to their car is nearly second nature. The survey found that 70 percent of internet-enabled car owners have connected their smartphone to a vehicle in the past year. This is not a surprise considering that smartphones help with directions, make hands-free phone calls, and play music. Despite this high level of connectivity, 88 percent of respondents did not identify the data security threat posed by a connected car. Connected cars hold onto sensitive information like contact lists, previous destinations, and call logs—which means when a car changes hands, that information can linger for the next driver.

3. When it comes to updates, the onus is on owners. While automakers offer security updates that can fix holes in a car’s software, it’s up to the car owner to make sure their vehicle software is current. Sixty-five percent of connected car owners surveyed thought that auto manufacturers are legally required to notify owners of data security updates. While automakers can choose to alert owners via email, text message, or phone call, they are not legally obligated to do so—and there’s no standard way to inform them. However, there is one exception to this: the official recall notices that are required, which come via mail.

Fortunately, there are several steps people can take to better protect their information with connected cars:

1. Use strong passwords. This is tried and true advice, but it continues to hold up. Even though hacking attempts on connected cars are still rare, they are increasing in frequency: According to a report by Upstream, the number of cases increased sixfold between 2014 and 2018. A strong phone password will help in protecting all of its apps and add another layer of security when connecting that device to a car.

2. Perform a factory reset on the car’s infotainment system. If a smartphone is synced to a car, the information in the car’s infotainment system will need to be manually deleted when that vehicle is either traded in or returned, in the case of a rental. Every vehicle has different steps to take for resetting the system, and the instructions can usually be found in the infotainment system’s settings menu.

3. Stay up to date on recalls and software updates. When automakers send out recall notifications, vehicle owners should be sure to follow up. The National Highway Traffic Safety Administration site is a great resource to check and make sure that notifications are legitimate. Additionally, vehicle owners should be as diligent about software updates as they are about recalls. Even though the NHTSA does not issue software updates, vehicle owners should pay attention to communication that comes from the vehicle manufacturer. Some automakers offer over-the-air updates to a car’s software, while others still require drivers to make a trip to the dealer for a manual update.

The CarGurus survey uncovered an overall lack of awareness about connected cars. While connected vehicles are becoming more common and provide convenience, connected-vehicle owners still need to make sure they don’t overlook security and privacy the next time they plug their phones into their cars.

Madison Gross is Director of Customer Insights at CarGurus, an automotive shopping website based in Cambridge, MA. Follow @

Trending on Xconomy