Canadian Cyber Security Journal
Filed under: News, TechTalk, Trends

Connected vehicles at risk of hacking, Markham cybersecurity expert warns

TORONTO — Blasting the heat with a remote sensor before you even get into your vehicle on a brisk winter morning is a welcome convenience. So are the comforts of lane assistance, voice command, Bluetooth and Wi-Fi.

But experts warn modern, connected vehicles, which are heavily packed with microchips and sophisticated software, can offer an open door to hackers.

These cars are vulnerable to hackers stealing sensitive information or even manipulating systems such as steering wheels and brakes, said Robert Falzon, head of engineering for Markham, Ont.-based cybersecurity solutions company Checkpoint Canada.

“Cars are tracking how fast you’re going, where you’re going, what your altitude is — and all the different pieces of information are being calculated … It’s all computerized,” he said.

“Unfortunately, security is not always the primary thought when these (features) are developed.”

A global automotive cybersecurity report by Upstream shows remote attacks — which rely on Wi-Fi, Bluetooth and connected networks — have consistently outnumbered physical attacks, accounting for 85 per cent of all breaches between 2010 and 2021.

That proportion grew to 97 per cent of all attacks in 2022, the report said.

There’s a growing concern about privacy breaches among connected cars, experts added.

“Let’s say someone is driving on the highway and the doors get locked, the car speeds up and the (driver) gets a message asking for bitcoin or they’ll crash the vehicle,” said AJ Khan, founder of Vehiqilla Inc., a Windsor, Ont.-based company offering cybersecurity services for fleet cars.

“That scenario is possible right now.”

Khan added any car that can connect to the internet, whether gas-powered or electric, could be at risk of hacking.

But electric vehicles are particularly vulnerable to cybersecurity thefts.

Researchers at Concordia University in Montreal found significant weaknesses in their 2022 study of public and private EV charging stations across Canada — all of them connect to the internet. The study showed breaches could affect drivers, power stations and the power grid they are connected to.

“The reason why there are a lot of vulnerabilities is because vendors and operators are rushing to deploy the infrastructure to meet the demand,” said Chadi Assi, information systems engineering professor and research chair at Concordia University.

“As a result, cybersecurity was an afterthought and it was not part of the design of the infrastructure,” he added.

Enjoy this article? Don’t forget to share.