Thomas J Nagel – CISSP, CPTS, SSCP

🚨 The Hidden Danger in Your Car: Hackers Are Driving Too

🚨 The Hidden Danger in Your Car: Hackers Are Driving Too
Modern automobiles are no longer just mechanical machines—they are complex. Our cars are evolving into highly connected computers on wheels, with advanced infotainment systems, telematics, wireless updates, and autonomous features. While these innovations improve convenience and safety, they also create new cyberattack surfaces.

Hackers and researchers have already demonstrated the ability to remotely access brakes, steering, and engine controls in some vehicles. While widespread attacks are still rare, the potential consequences—ranging from theft to endangering lives—are real and growing as vehicles become more connected.

Some notable examples:

  • Jeep Cherokee Hack (2015): Security researchers remotely disabled brakes and controlled the vehicle via its infotainment system.
  • Tesla Remote Exploits: Multiple vulnerabilities have allowed remote access to Tesla vehicles’ systems, prompting over-the-air patches.
  • Keyless Entry Exploits: Relay attacks allow thieves to unlock and start cars without physical keys.
As vehicles integrate 5G, IoT, and V2X (vehicle-to-everything) communications, the attack surface expands exponentially. Unlike traditional IT, these vulnerabilities can have life-or-death consequences.

Mitigation requires a multi-layered approach:

  • Strong encryption and authentication for all communications
  • Secure software update mechanisms
  • Continuous monitoring for anomalous behavior
  • Collaboration between manufacturers, regulators, and cybersecurity experts
This isn’t science fiction. The automotive industry, regulators, and consumers must prioritize cybersecurity as seriously as safety recalls. From stronger encryption to secure software updates.

protecting our cars from cyber threats is the next frontier of transportation safety

The bottom line: As our cars get smarter, cybersecurity must be treated as a critical safety feature, not an afterthought. Driving into the future safely depends on it.

How you can protect yourself:

  • Install every software/firmware update your dealer or OEM pushes. Modern attacks often exploit known bugs that manufacturers patch; updates are the single best defense.
  • Turn off or limit unused wireless features (Wi‑Fi hotspot, Bluetooth, remote/telemetry features) when you don’t need them. Fewer radios = fewer entry points.
  • Protect your key fob from relay attacks — store keys in a Faraday pouch or metal container at home (or keep them away from doors/windows). Consider disabling “passive” keyless‑entry if your car allows it.
  • Don’t plug unknown devices into your OBD‑II port or infotainment USB ports (e.g., free chargers, diagnostics from unknown sellers). Untrusted devices can inject commands or deliver malware.
  • Use strong, unique passwords and enable MFA on any app or account that controls car functions (manufacturer apps, connected‑car services). Treat the car’s cloud account like a bank account.
  • Review app permissions and data sharing in your vehicle’s connected‑car app — remove access you don’t need and opt out of telemetry where possible.
  • Park defensively and use physical deterrents (garage, steering‑wheel lock, alarm). Physical access is often required for the most powerful attacks.
  • Monitor recalls & security advisories for your make/model — sign up for OEM notifications and check NHTSA recall pages periodically.
  • If buying used, get software re‑flashed/reprogrammed at the dealer so you don’t inherit old keys, accounts, or insecure firmware.
  • Treat diagnostic sessions carefully — authorize trusted shops and avoid handing over your keyless fob or device unnecessarily.

Recommendations to the automotive industry:

Regulators and industry recommend a layered security approach: strong network segmentation (separating infotainment from safety systems), authenticated and signed OTA updates, intrusion‑detection capabilities on vehicle networks, and secure key management. These are the things that reduce risk at scale.

Practical buyer questions to ask a dealer:

  • “How does this vehicle get security updates (dealer vs. OTA) and how often?”
  • “Are critical components (infotainment, telematics) logically isolated from braking/steering ECUs?”
  • “Can keyless entry be disabled or configured for extra safety?”
Asking these pushes manufacturers to prioritize security in purchasing decisions.

If you suspect your car has been HACKED:

  • Stop driving safely — pull over to a safe place.
  • Turn the vehicle off and remove power to the systems if safe to do so (some attacks persist only while the vehicle is on).
  • Contact the dealer immediately and report the symptoms; document timestamps and unusual behavior (messages, lights, functions).
  • If you think a crime is involved (theft, remote control), call law enforcement.
  • Preserve evidence (don’t hand the car to an unknown mechanic) and ask the dealer for a forensic diagnostic.