As technology advances, carmakers have integrated smartphone interfaces like Apple CarPlay and Google Android Auto, allowing drivers to control various features from their phones
Automakers need to do more to boost the cybersecurity of vehicles that rely on over-the-air software updates, according to a cybersecurity expert, as current technology leaves these vehicles vulnerable to remote manipulation without the owner’s knowledge.
Modern cars are increasingly connected to the internet, with many essential functions, such as remotely starting the engine or adjusting the air conditioning, being controlled via smartphone apps. Communication between a driver’s phone and the car typically occurs through the cloud, and manufacturers also use this technology to send software updates directly to vehicles. However, this constant connectivity has opened new avenues for potential cyberattacks.
“There have been several instances where cybersecurity experts successfully sent commands to a vehicle remotely using an unauthorized account,” said Liz James, a consultant at IT security firm NCC Group, which works with several European carmakers. “Purely from the design of an always-connected vehicle, that threat, which didn’t exist before, now does.”
The risk was highlighted earlier this year at the Automotive World conference in Tokyo, where hackers competed to break into Tesla vehicles for prize money. In 2022, a German teenager made headlines by remotely hijacking some functions of Tesla EVs, such as opening and closing doors, controlling the car’s music, and disabling security features.
As technology advances, carmakers have integrated smartphone interfaces like Apple CarPlay and Google Android Auto, allowing drivers to control various features from their phones. Meanwhile, automakers are developing their own operating systems for greater control. Toyota is set to launch its “Arene” system in 2025, while Volkswagen is working on its “VW.os.” Honda and Nissan also recently partnered to develop software-defined vehicles.
James Hong, an analyst at Macquarie Securities Korea Ltd., pointed out the challenges automakers face as they rush to create reliable and secure platforms. “Automakers are desperate to develop their own software and hardware platforms in order to keep and monetize data, but the development of well-functioning and safe platforms is proving tough,” Hong said.
Unlike tech companies such as Apple, which has more robust protection against cyberattacks, automakers are relatively new to the world of digital platforms and cybersecurity.
In a move to address these concerns, Toyota, Hitachi, and around 100 other companies in Japan have pledged to create unified rules for software in smart cars to prevent cyberattacks. This collaboration aims to enhance security across the industry, ensuring that connected vehicles remain safe from external threats.
