Hackers Are Coming for Your Smart Car

As cars become smarter, people start to connect them to the internet. And when that happens, they become targets for criminals, just like any other device in the IoT ecosystem. It's a problem that has yet to reveal its full destructive potential, but it's coming this way sooner than you might think.

The IoT ecosystem is much more encompassing than it appears. Our homes now harbor all kinds of strange devices, and we don't tend to give them a second thought. We're surrounded by smart speakers, IP cameras, doorbell cameras, cleaning robots, Internet-connected fridges, routers, phones, tablets, computers, access points, and much more. This list just scratches the surface of what we might find in a modern house.

Now there's a new device connecting to our home Wi-Fi: the smart car parked in front of the house or in the garage. Some cars come with an embedded 4G communication module, allowing the car to talk with the manufacturers' servers, sending back telemetry and other data.

But cars have had the option to connect to Wi-Fi networks for some time, and more people have started to do so. It's especially important if you want to update the software, the maps or some other component. For example, Tesla recommends leaving Model 3 connected to a Wi-Fi network whenever possible, and many people have already taken that advice.

Everything connected to the internet is vulnerable

If there's one thing we should always keep in mind it’s that no device or software is invulnerable. Security researchers are constantly plugging vulnerabilities and exploits; the same is true for smart cars.

The Bitdefender IoT platform is already built into several routers, including Netgear. The embedded security solution scans networked devices for vulnerabilities and informs users when they are found. It can also block malicious traffic and suspicious behavior of connected devices, such as DDoS attacks. The platform also provides extremely useful insight into emerging threats and outbreaks.

We examined the 30 days from Sept. 5 to Oct. 5, 2022, looking for attacks on cars, and checked out if the security platform found any vulnerabilities. The results are worrisome, to say the least.

Hackers are already looking for vulnerabilities

Communication through open ports is one of the biggest problems any internet-facing device encounters, including the entire IoT ecosystem. Sometimes, users and manufacturers leave open device ports, facilitating attacks.

Our analysis showed that 86 percent of smart car security incidents involve scanning for open ports. An application, possibly malware, is scanning for opened ports inside the Wi-Fi network, which is never a good sign.

Next on the list are DDoS attacks (flooding target networks with useless traffic to choke the services hosted), with 7 percent, and command injection attacks, with 2 percent. These numbers tell us that criminals have started looking for issues with smart cars, and the more they start to replace traditional cars, the bigger the threat will become.

As for what types of cars are currently caught in these scans, it's no surprise that Tesla leads the pack, with more than 60 percent of connected cars. It's mainly a function of what people buy, but the ranking has started to shift in the past six months with the appearance of Ford Edge in the number two spot, with over 30 percent.

Most security problems detected by Bitdefender are unpatched vulnerabilities and issues with basic authentication protocols. With some cars, communication between the user and the car takes place directly over HTTP, which is entirely unsecure.

One of the most important takeaways is that people have the option to protect their phone or laptop by installing a security solution, but there’s no such option for IoT devices. And that’s all the more problematic when we add cars to that list. The only way to protect your car is to have a security solution that can protect your entire network architecture.

Smart car owners now have to take care of their cybersecurity needs and not just worry about the regular issues drivers face every day. That means investing in a powerful router with an embedded security solution that can both warn and protect users. And, of course, it's paramount to keep all IoT devices up to date with the latest patches, especially now that cars are part of that ecosystem.