When this is paired with Upstream’s data showing that connected-car attacks have increased six-fold from 2014-2018. It suggests that consumers haven’t been able to keep up with connected car technology, despite their increasing adoption rates.
For many drivers, vehicle-smartphone integration is one of the easiest ways to connect to their car. Of those surveyed, a majority of connected car owners have synced their smartphones to a connected car (70%).
Android Auto and Apple CarPlay make it easier for drivers to sync their phones. Google introduced Android Auto in 2015, and this technology is available standard with many major OEMs.
Apple introduced CarPlay in 2014, and the same is true, with more than 200 automakers worldwide supporting it.
Despite the high number of survey respondents that have synced their phones in the past year, few saw connecting to their cars this as a security threat. While 45% of respondents saw smartphones as a significant data security threat, only 22% saw the same threat in connected cars.
Now that most new cars operate like a computer on wheels, they — like other connected devices– become vulnerable to malicious actors. However, there’s a lot more at stake than just having a password stolen. Serious issues such as safety come into play with connected-car security.
Back in 2015, Charlie Miller and Chris Valasek exploited a security flaw in Jeep’s Uconnect system that allowed them to take control of a 2014 Jeep Cherokee, ultimately cutting the engine.
Even though the Jeep car hack was quite popular, of the respondents that also owned connected cars, 61% didn’t know that multiple parts of their vehicle were vulnerable to hackers. Hackers can access other vehicle parts, including the engine, brakes, steering wheel, windows, and infotainment system.
Hackers can also access a car’s key fob. Yet only 33% of connected car owners were aware of this as compared to 95% of respondents who identified a smartphone as being accessible to hackers.
The respondents were aware, especially when it comes to data. When drivers sync their phones to their cars, their data is stored in the car’s infotainment system. Sixty-five percent of respondents correctly identified that the owner is responsible for removing this data by restoring factory settings.
Consumers have become used to push notifications, alerting them to necessary security updates for their phones, laptops, tablets, and any other devices. With one tap, consumers can update their device and only have a minor inconvenience of waiting for their devices to reboot.
Perhaps people believe that all security updates are this easy, but it should be noted that the auto industry is still catching up. Ensuring that consumers get the necessary updates can be difficult.
While several automakers implement over-the-air updates, the majority don’t. As a result, there’s no guarantee that consumers will get notified unless it’s for a recall.
Without a standard operating procedure across automakers, consumers must take the initiative to learn how to protect their data. The editors at CarGurus identified some key ways they can do this:
Automakers will continue to innovate in-car technology to improve convenience and safety to offer the best possible driver experience. With that innovation, vehicles will have more access to personal data.
For example, GM is spearheading its Marketplace app, available since December 2017 as part of an over-the-air update. It lets drivers place orders at their favorite restaurants, like Dunkin’, without leaving their cars.
The aim is boosting convenience, allowing drivers to place an order without picking up their phones or leaving the car.
To access these conveniences, drivers will have to give up more of their privacy and personal data. And as our survey shows, consumers’ lack of awareness (or just their laziness) of the threats associated with this could leave them exposed.
However, in a sign that progress is being made, twenty automakers have joined the Auto Alliance to uphold agreed-upon privacy protection principles.
CarGurus surveyed 1,020 automobile owners. Among them, 264 own a connected vehicle. The study was comprised of two parts: (1) surveying consumers’ connectivity habits and perceived threats of connected technologies and (2) testing consumers’ knowledge of data security vulnerabilities and best practices.