A recent survey from auto shopping and research site CarGurus.com asked consumers questions about their knowledge of connected car security. The results were startling: consumers scored an average grade of a failing 49%.

When this is paired with Upstream’s data showing that connected-car attacks have increased six-fold from 2014-2018. It suggests that consumers haven’t been able to keep up with connected car technology,  despite their increasing adoption rates.

Smartphone Syncing Takes Driver’s Seat in IoT

For many drivers, vehicle-smartphone integration is one of the easiest ways to connect to their car. Of those surveyed, a majority of connected car owners have synced their smartphones to a connected car (70%).

Android Auto and Apple CarPlay make it easier for drivers to sync their phones. Google introduced Android Auto in 2015, and this technology is available standard with many major OEMs.

Apple introduced CarPlay in 2014, and the same is true, with more than 200 automakers worldwide supporting it.

Despite the high number of survey respondents that have synced their phones in the past year, few saw connecting to their cars this as a security threat. While 45% of respondents saw smartphones as a significant data security threat, only 22% saw the same threat in connected cars.

The security risks of connected cars.

Now that most new cars operate like a computer on wheels, they — like other connected devices– become vulnerable to malicious actors. However, there’s a lot more at stake than just having a password stolen. Serious issues such as safety come into play with connected-car security.

Back in 2015, Charlie Miller and Chris Valasek exploited a security flaw in Jeep’s Uconnect system that allowed them to take control of a 2014 Jeep Cherokee, ultimately cutting the engine.

Even though the Jeep car hack was quite popular, of the respondents that also owned connected cars, 61% didn’t know that multiple parts of their vehicle were vulnerable to hackers. Hackers can access other vehicle parts, including the engine, brakes, steering wheel, windows, and infotainment system.

Hackers can also access a car’s key fob. Yet only 33% of connected car owners were aware of this as compared to 95% of respondents who identified a smartphone as being accessible to hackers.

The good news is that respondents were aware of some of the risks associated with connected cars.

The respondents were aware, especially when it comes to data. When drivers sync their phones to their cars, their data is stored in the car’s infotainment system. Sixty-five percent of respondents correctly identified that the owner is responsible for removing this data by restoring factory settings.

How to protect your connected car.

Consumers have become used to push notifications, alerting them to necessary security updates for their phones, laptops, tablets, and any other devices. With one tap, consumers can update their device and only have a minor inconvenience of waiting for their devices to reboot.

Perhaps people believe that all security updates are this easy, but it should be noted that the auto industry is still catching up. Ensuring that consumers get the necessary updates can be difficult.

While several automakers implement over-the-air updates, the majority don’t. As a result, there’s no guarantee that consumers will get notified unless it’s for a recall.

Tips to Protect Your Data

Without a standard operating procedure across automakers, consumers must take the initiative to learn how to protect their data. The editors at CarGurus identified some key ways they can do this:

  • Stay up to date with recalls and updates. Address any recalls that strengthen security. Consumers can also verify if their vehicle accepts over-the-air updates or if it requires manual input from a dealer.
  • Restore factory settings. When returning a rental car or trading in a vehicle, consumers should factory reset the car’s information systems. Resetting will ensure that any of their personal information — like contact list or visited locations — are deleted.
  • Use strong passwords for all apps. It’s been said before, but we’ll repeat it. Smartphones that sync to connected cars are also vulnerable to hackers. Using strong passwords for all of your apps provides an extra layer of security.
  • Turn off passive entry. This feature allows the driver to walk up to the vehicle and have it automatically unlock. Drivers can disable this feature through the car’s app or settings menu. If consumers find they can’t (or don’t want to), placing their key fob in a foil-wrapped container can block signals from hackers.

The Future of Connected Cars

Automakers will continue to innovate in-car technology to improve convenience and safety to offer the best possible driver experience. With that innovation, vehicles will have more access to personal data.

For example, GM is spearheading its Marketplace app, available since December 2017 as part of an over-the-air update. It lets drivers place orders at their favorite restaurants, like Dunkin’, without leaving their cars.

The aim is boosting convenience, allowing drivers to place an order without picking up their phones or leaving the car.

To access these conveniences, drivers will have to give up more of their privacy and personal data. And as our survey shows, consumers’ lack of awareness (or just their laziness) of the threats associated with this could leave them exposed.

However, in a sign that progress is being made, twenty automakers have joined the Auto Alliance to uphold agreed-upon privacy protection principles.

Research Survey Methodology 

CarGurus surveyed 1,020 automobile owners. Among them, 264 own a connected vehicle. The study was comprised of two parts: (1) surveying consumers’ connectivity habits and perceived threats of connected technologies and (2) testing consumers’ knowledge of data security vulnerabilities and best practices.