Car brands must go back to cyber security school

Back in school, I remember playing pranks on the teacher which involved installing benign viruses onto their computer which displayed the lyrics to that infamous Rick Astley anthem on screen, while simultaneously blasting it at full volume line-by-line.

While that certainly elicited more than a few giggles (and a couple of half-hours in detention), cyber security threats are no laughing matter. Cars and the brands that make them are now more digitised than ever, handing cyber criminals the power to wreak untold havoc. 

Remotely hitting the brakes on every car on the M25, changing customer configurations on the production line so every car comes out bright pink – these might be absurd-sounding scenarios, but who knows what’s possible in this wild west of connected and digitised cars we find ourselves in.

In 2015, cyber criminals hacked a Jeep travelling 70mph on the highway in the U.S, only to change the stereo to blast out hip-hop music and send the vehicle careening into a ditch. The brand later fixed this loophole in a special software update, but it doesn’t stop cyber criminals from finding similar vulnerabilities in other cars in the future.

Then there’s the recent attack on Jaguar-Land Rover which was rated as the most economically damaging of its kind in UK history. Contributing to a 73-year low in car production in September as JLR scrambled to get back on its feet, the incident cost the economy over £1.5 billion and put thousands of jobs at risk.

Such a scenario was bad enough for JLR as a business; crooks were attempting to ransom highly sensitive commercial material, not just next week's staff cafeteria menu. However, manufacturers now collect mountains of customer data from GPS movements to credit card details. This once again places you and I in the firing line, meaning car brands need to revisit their days in cyber security school in order to protect us.

Customer information was recently stolen from a third-party that processes it for Renault Group. Aside from the obvious instances of identity theft and of credit card fraud, could a hack like this enable online crooks to track your car’s location and see when it’s not at your home, only to then burglarize your house when you’re not there? While this luckily didn’t happen with Renault, there’s nothing to say such an infiltration wouldn’t be possible.

Many modern cars feature built-in interior cameras – these would be ideal means to spy on your actions and conversations. In fact, the Ministry of Defence only recently warned staff about having sensitive conversations in Chinese-built cars over the fear that Beijing could be using the in-built technology to spy on the UK.

Whatever the threat, car brands won’t want to stop collecting data anytime soon; a study of 25 major manufacturers by the Mozilla Foundation revealed that 84 per cent either share or sell your personal data to third parties, making the practice incredibly lucrative.

With great power comes great responsibility and while protecting your data is certainly in a manufacturer’s best business interests, car firms must also remain accountable and liable for the information they collect and ultimately what happens to it.

The same goes for the potential hacking of vehicles themselves; autonomous driving tech hands a lot of the control over to AI networks and internal systems that are vulnerable to malicious interference. Driverless cars are about safety as much as they are about convenience, and thousands of two-tonne taxis at the mercy of a criminal’s keyboard is a sobering thought indeed.

Tell us which new car you’re interested in and get the very best offers from our network of over 5,500 UK dealers to compare. Let’s go…