Hopping into an Uber or a Car2Go is a great way to get around. Unfortunately, hackers agree, exploiting weaknesses in apps to go on “phantom rides” with someone else’s profile.
From such trips — like a man in Australia who went on more than 30 free drives on the GoGet car-sharing platform before being arrested — to vehicle theft and taking wireless control of cars, reported attacks on smart cars have ballooned six-fold over the past four years, according to research from cyber-security platform Upstream Security Ltd.
While companies have taken note, with Daimler’s Car2Go car sharing beefing up security measures after a limited number of accounts were hacked, risks around vehicle cybercrime are only going to get worse. Connected cars are forecast to double to 775 million by 2023, according to Juniper Research, enlarging the pool of convenience features such as keyless entry, apps to turn on heating remotely and smartphone connection via bluetooth.
“Each new service connected to a vehicle is a new potential entry point for hackers,” Upstream wrote in a report published last week. “Worst-case scenarios are loss to business earnings, theft, data privacy or property damage.”
Carmakers from Mercedes-Benz maker Daimler to Toyota are pursuing digital services as potentially lucrative additional sources of revenue, as well as keeping pace with growing competition from the likes of Uber Technologies. Daimler and BMW are in the process of combining their car-sharing platforms, to build a far broader suite of services including a ride-hailing app, electric-car charging and digital parking services.
Car-sharing platforms lack adequate protection, said cybersecurity and anti-virus provider Kaspersky Lab after testing 13 apps from Russia, the U.S. and Europe. Most of them allowed for weak passwords, didn’t protect against reverse engineering, and failed to stop phishing attempts, according to a July report that didn’t name the services tested.
In the race to thwart cybercriminals, carmakers regularly invite software experts to test the robustness of their setups. While phantom rides are relatively harmless, hacks can be far more dangerous. In 2015, Fiat Chrysler Automobiles recalled 1.4 million cars and trucks after Wired magazine published a story about software programmers who were able to take over a Jeep Cherokee as it was driven on a Missouri highway.