Your car no longer runs on petrol and pistons alone. It runs on code, and code can be cracked. If cars are now packed with sensors and software, then the same rule that applies to laptops now applies to cars: anything connected can potentially be hacked. So, how do you stay ahead of the hackers?
Recently, Ferrari released details of its new EV interior. Designed by ex-Apple legend Jony Ive, the inside of the Luce (as it’s called) looks a lot like an iPhone. And while there are loads of tactile dials and knobs, and less touch screen control that takes your eyes off the road, it’s aesthetic shares all the angles and smooth edges of a smartphone.
It seems we’re reaching a convergence point between cars and computers. Today’s cars can be seen as software, sensors and wireless signals moving at speed. In fact, by some industry estimates, they can contain more than 100 million lines of code. That’s more than a commercial airline carrier!
And while every line of code is an opportunity for innovation, it’s also, potentially, an opportunity for vulnerability. In other words, if your car is more and more like a computer, then your car – like a computer – can be hacked.
From remote unlocking to tracking to malicious braking scenarios, it’s hard to know what’s real and what’s hype. So, here’s our take on what you should be worrying about, and what you can do about it.
There was a time when ‘car trouble’ meant something tangible and physical, like a worn fanbelt or a flat tyre. Today, your car contains dozens of microprocessors. It connects to satellites, cell phone towers, Bluetooth devices and cloud servers. It receives updates, logs data, authenticates keys wirelessly, and communicates with the manufacturer’s systems.
A typical connected car now includes:
For the sake of safety, most of these systems are designed to be segmented, but they still rely on software – and software, by definition, is vulnerable. So where do the real-world risks really lie?
Not every clever car hacking scenario on the big screen is based on the truth, but there are certain vulnerable entry points that you should be aware of.
Here’s a list of what’s hackable:
What’s far less likely are those Hollywood-style remote braking or steering attacks. These take sophisticated access, and so far have only been successful under controlled conditions. So, while the risk is real, the reality is less roguish.
Having said that, in 2015, cybersecurity researchers famously demonstrated a remote hack on a Jeep Cherokee by manipulating its infotainment unit. The manufacturer sent out a recall and did a software patch. Since then, cybersecurity, encryption and system segmentation have all become standard in smart cars.
Today, the most common connected-car crimes are less dramatic and more opportunistic, like phishing attacks that target vehicle apps, identity theft linked to connected services, and resale fraud through cloned digital keys.
Cybercrime rarely features a hooded hacker hunched over a keyboard in a darkened basement. It looks more like someone who’s simply out to exploit our tools of convenience. They’re looking for weaknesses in key systems, so let’s take a look at what they’re after.
Connected cars offer three things criminals value most: access (through remote unlock capability), data (through geolocation and behavioural patterns), and anonymity, so a hack can scale quickly without detection.
As cars integrate increasingly with smartphones and cloud systems, the attack surface simply expands. That doesn’t mean you should panic. It just means you should be more aware.
We already hack-proof our phones and laptops. As with your phone, so with your car. Just apply the same practices to protect your ride.
Here are some simple ways to keep your car safe:
None of these are particularly dramatic or demanding, but they all do reduce risk. And risk itself is shifting as insurers relook car insurance.
In the past, car insurance covered risks that were based on human behaviour and physical factors like speed, accident and claims history, location, and type of car. But as cars become increasingly software-based, risk has changed to accommodate system malfunctions, data compromise and remote access exploitation.
Insurers and actuaries around the world are factoring in how software integrity, update compliance and digital access control can change their risk models going forward. Because risk is now a mechanical-digital hybrid, and insurance needs to meet that moment.
Thankfully smart cars are no less safe than trad cars. In fact, connectivity often enhances driving safety. Think of collision avoidance systems, automatic emergency braking and real-time diagnostics.
And the truth is that hackers are unlikely to ever gain control of your car – because for every system weakness, ethical hackers will be brought in to break the system and then rebuild it.
On top of that, we have one of the most advanced car tracking industries in the world because we have the dubious honour of being a hijacking hotspot. Tracking is pretty much a standard in SA, with millions of cars fitted with telematics and connected through apps.
But safety aside, every tech leap is going to need us to relook the real risk landscape around us. We don’t stop driving because our cars now contain computers. We simply move beyond tyre pressure and brake pads to passwords and software patches. Other than that, the road ahead looks pretty much the same.
At Miway, we know that driving has always involved uncertainty. It’s the nature of both man and machine as we hurtle towards the future.
But we also know that insurance needs to keep up with how cars are evolving and how our environment is changing. Whether it’s a pothole, a distracted driver or a code vulnerability, the principle is pretty much the same: be prepared for the unexpected.
