As car manufacturers move to make their vehicles more and more e-interactive, experts say this opens their owners up to cyber criminals as hackers develop creative new ways to take control of their vehicles, snatching their identity and generally cause havoc.
Hungry for a percentage of driver's purchases of gas, fast food etc, automakers are quickly working on developing e-commerce friendly dashboards. Ford already has an app that allows drivers to order pizza from Dominos using voice controls and smart phones, while General Motors, not to be outdone, offers AtYourService which allows drivers to book a hotel through Priceline.com using voice commands, and alerts them of Dunkin’ Donuts’ deals.
Auto practice Vice president at Gartner, Thilo Koslowski, said by the year 2020, 40 percent of new vehicles will allow drivers to shop while driving. But, he warned, that while "today the motivation for hacking a car is mischief, with an objective of hurting people or car companies" in the future “the car will definitely be viewed as a vulnerable device" by cybercriminals hungry for identity information.
He said new cars with interactive capabilities will present a rich target, with hackers trolling for personal details like home addresses, e-mail information and credit card numbers.
The majority of cars sold currently lack inbuilt technology for e-commerce but according to IHA Automotive researchers, by 2022, 82.5 million autos will be Internet connected.
Richard Crone, who runs Crone Consulting LLC, said within five years, smartphone connected dashboard "buy buttons will start being a norm on many new vehicles, giving drivers the ability to place orders at retailers without physically using their phones.”
Already car hackers have shown the way of the future. Over the last few months two security experts managed to hack into a Jeep Cherokee’s infotainment system, taking control of the transmission and engine. In another incident, a security researcher hacked into OnStar, using GM’s RemoteLink app in a 2013 Chevrolet Volt, allowing him to unlock the vehicle and start its engine.
“This has been a bit of a blind spot for automakers,” said Mark Boyadjis, an IHS technology analyst.
Ryan Smith, chief scientist for cybersecurity company Optiv, said giving access to third parties through car apps will "invite thieves along for the ride."
“When payment systems come online inside of cars, it will be an attack surface that attackers will start looking at and poking. You’re going to see the entire spectrum of fraud inside these vehicles.” said Smith.