As cars become more and more connected, news coverage of high-tech car theft has unsurprisingly begun to alarm consumers, automakers, and insurers alike.
An estimated one-third of vehicles on the road right now have some connected capabilities that could provide wireless access to vehicle control systems, reports Forbes. Technology predictions name the mid-2020s as the point when almost all new vehicles will have data connections, which means we’re not far from cybersecurity risks affecting almost every driver on the road. And with new technologies come new vulnerabilities.
Hacker Car Thieves and Increasingly Vulnerable Connected Vehicles
We’ve reported on the intentional hacking of a Jeep in July 2015 by researchers in which hackers gained control of a vehicle while it was driving – a terrifying and helpless scenario.
One of the more disturbing facts about these new cyber thefts is the scale. In August, two men were jailed in Houston after the FBI discovered they’d stolen more than 100 new Jeep and Dodge vehicles. The men targeted a common software system used by auto technicians and dealers and, using a laptop, reprogrammed the vehicles’ security systems so they could access the cars with their own keys.
In the same month, news surfaced that researchers found vulnerabilities in 100 million Volkswagen vehicles – produced as far back as 1995 – which could allow them to be unlocked with a simple wireless hack.
Fiat Chrysler (owner of Jeep and Dodge) is investigating the Jeep and Dodge thefts, but Yoni Heilbronn, a computer security expert, told Popular Mechanics he expects malicious software installations and vehicles to be held for ransom digitally, and foresees attacks targeting multiple vehicles at once. Heilbronn says automakers must install multiple layers of defense, something they have yet to do.
What Is the Auto Industry Doing: Cybersecurity Best Practices
Increasingly connected cars have the potential to increase road safety and cut down on congestion and other traffic woes by communicating with each other. Imagine a city in which all cars were in constant communication with each other, sharing everything from location of stalled vehicles to slippery roads to ambulances making their way to the hospital – an entire hive working to help traffic flow more smoothly and cars travel more safely. But with all that connected communication comes greater potential for hacks and security breaches.
In July, the Automotive Information Sharing and Analysis Center (Auto-ISAC) published their very first set of cybersecurity best practices which will help engineers and technology developers ensure new systems are resilient to attacks and can respond safely if an attack occurs. These new best practices will guide automakers in ensuring connected vehicles are secure, can detect threats proactively and defend against them if necessary, can respond properly to attacks, and that collaboration and engagement among all interested industry parties will remain open.
Also in July, China established an automotive cybersecurity committee “to ensure the safe running of intelligent, connected and electric cars,” Shanghai Daily reported. The committee will pool resources, conduct research and set standards to keep connected cars protected from both hackers who could take over control of connected vehicles as well as system failures moving forward. As connected cars communicate more and build global networks, sharing among companies and countries is likely to become increasingly important.
So what can consumers do to stay safe?
Connected Car Best Practices for Consumers:
- Make sure the vehicle manufacturer (and, by extension, salespeople) take cybersecurity seriously. Ask questions while shopping and during any repairs, and find out who’s responsible in the event of a hack or other cyber damage.
- Ensure passengers aren’t using potentially vulnerable apps that could provide vehicle access.
- Sign up for software updates and recalls from the manufacturer so you always have the most current information.
- Update all software patches immediately.
- Have your car towed to the dealer for inspection if it acts up in any way (systems or mechanics running either on their own or erratically).
- Don’t rush to adopt brand new technology. Instead, wait until it’s been road-tested for a year or two.
Plus: Connected Car Tech and Insurance
Much of connected vehicle technology is entertainment, navigation, and safety devices – features like heads-up displays, driver alertness monitoring, and parking assistance. But The Zebra’s own research recently revealed that new in-car safety and anti-theft technologies have little to no impact on car insurance rates. That is, auto insurance companies have not (or not yet) determined that these tech features impact risk in a meaningful way which should consequently adjust premiums.
Our research examined nine safety features (blind spot warning, driver alertness monitoring, collision preparation systems, lane departure warning, night vision, parking assistance, rear-view cameras, heads-up displays, and electronic stability control) and four anti-theft devices (passive disabling device, active disabling device, tracking device, and audible alarm).
Only one safety device (electronic stability control or ESC), lowered car insurance rates – though just by $5 per year. In 17 states, not one of these safety devices lowered rates. And though all anti-theft devices yielded some savings, the most was $11 per year on a national average annual premium (less than 1% savings).
Our takeaway here is that there just isn’t a lot of love between new technologies and auto insurance at the moment.
So Should You Buy Cybersecurity Insurance?
Several U.S. insurance companies currently offer cybersecurity insurance for businesses or even individuals. Coverage includes losses related to identity theft, security breaches, or money stolen electronically. It’s expensive, and many folks say unnecessary.
The auto insurance industry is now tackling the issue of how to protect owners of connected cars, and we imagine they could take cues from cybersecurity insurance coverage for businesses: lost and damaged digital assets, security breaches, and vehicle or bodily damage caused by remote hacks all need proper coverage.
And thought U.S. auto insurers might not have caught up with connected car insurance needs, the auto industry in the U.S. is working hard to establish safety guidelines for automakers producing connected cars, and consumers can and should be vigilant and careful.