Despite 110 car models being vulnerable to one of the most prevalent digital attacks – theft of the vehicle via hacking of the keyless entry and ignition system – only 50% of drivers with keyless access are concerned about their car being stolen, a new study shows.
Research from the UK’s leading price comparison website, MoneySuperMarket, highlights the security flaws that hackers can exploit to attack your vehicle, from key jamming to phone phishing for car access. The results reveal not only the hacking methods to which your car may be vulnerable, but also the nation’s level of understanding of the overall problem.
Figures from the Office of National Statistics (ONS) show that there may be a resurgence of vehicle crimes after a long period of decline, with an overall 19% increase in vehicle crime and a 29% increase in crimes related to vehicle interference since 2014. The increasing prevalence of car technology creating opportunities for hackers is thought to be a contributing factor, making the deployment of up-to-date security measures more important than ever.
Hacking methods
One of the most common approaches used by hackers is to attack cars with keyless access. Criminals use a relay system to access the vehicle by amplifying a key signal from inside a property so that it reaches the car on the driveway.
A total of 19% of drivers already disable their keys when not in use, by either placing them into a secure holder such as a microwave or a Faraday cage to block the signal.
Additional security weak spots include:
- Phone phishing for car access – Most people are aware of phishing scams in general, but what’s less widely known is that hackers can email you malicious links that then connect to a car’s Wi-Fi features if it has them and take control
- Local remote-control apps – There are a number of car tracking apps on the market that allow users to locate, start and control their cars from their phones. While these can be handy for those with Internet-connected cars, they also open the users up to hackers who have proved they can manipulate the system to locate, unlock and even cut out the engine of nearby cars on the system remotely
- Tyre pressure monitor systems – Using low-cost, readily available equipment, hackers can use sensors inside a vehicle’s tyres to display false tyre pressure readings – and more worryingly, track the car
Driver concerns
Despite the risks, 13% of drivers are still excited about cars with automation, Wi-Fi hotspots and biometric access. However, 22% are more wary and consider this new technology to be a security threat.
And it seems those who were concerned may be right to be worried – 16% of drivers or someone they know have experienced a form of car hacking. Additionally, there is a lack of knowledge surrounding the cover available for victims of these attacks, with 79% of people admitting they don’t know whether their car insurance policy would cover them if their vehicle was hacked.
Tom Flack, Editor-in-Chief at MoneySuperMarket, commented: “Car hacking is little understood but a very real threat. Manufacturers are adding increasing amounts of technology to our vehicles and new technology comes with new risks that drivers need to understand and guard against.
“We recommend fully researching a vehicle and its capabilities and limitations before purchase and getting to know a vehicle you already own to make sure you’re aware of any potential security flaws. Sometimes an old-fashioned security method such as a steering lock, can be all that’s needed to protect against criminals.
“As far as hacking activity such as keyless theft – so-called ‘relaying’ – is concerned, insurers will pay out providing the owner/driver has taken reasonable care to protect their property. Owners of cars deemed by insurers to be a particular risk of keyless theft may find they are charged higher premiums as a result.”
To find out how you can protect against the major security flaws in vehicles on the road today and to find out more about how British drivers are responding to the issues, see the full study on the MoneySuperMarket website here.