Connected Cars Leave Data Vulnerable to Hackers

WDET’s Jennifer Weingart speaks to Cyber Security expert Adam Meyer about connected cars.

Advances in connected car technology are leaving vehicles vulnerable to hacking. Cyber Security was a topic a panel Wednesday at the North American International Auto Show.

Adam Meyer is a cyber security expert with CrowdStrike. He spoke to WDET’s Jennifer Weingart about how drivers and automakers can protect themselves.


Jennifer Weingart: Is there anything that drivers or consumers can do to protect themselves, protect their personal cars?


Adam Meyer: That’s a great question. I think that drivers, consumers, need to be aware of what technology they’re implementing in the vehicle and really think about what things they’re using and what that’s talking to.

If you look at a mobile device it collects an incredible wealth of information about, even how you walk, how you talk. The car’s gonna do similar things and so just understanding what features are on the vehicles you’re purchasing, what features you’re adding to your vehicle and then making sure that you think very carefully about how you’re using the vehicle and how you’re using those features in order to protect yourself.

So, kind of the principle of least sharing is the thing that you want to right? So you know, not provide extra …you do this with your smartphone today hopefully…not allow it to have GPS if it doesn’t need GPS, don’t allow it to have access to your contacts if it doesn’t need it. So look for the principle of least privilege and make sure that you’re protecting your data appropriately.


JW: Ok, and this might sound a little bit doomsday but what’s the worst case scenario as far as connected cars and what could happen if their data is breached?


AM: Worst case scenario? Your car kills you.

Aright. I mean if a car is connected it’s got automation, it’s self-driving or it’s got self parking features these things can be disrupted.

I think if you look at what happened in with the researchers at Tencent and their work on Tesla back in September really good indication. They were able to go through the wi-fi, into the browser, over to the CAN bus–which is where all of the systems of the car talk, think of it as like a chat room for your brakes and your windows and your windshield wipers– and they were able to engage the brakes while the car was in motion, reportedly. So, you know, the worst case scenario you car kills you.


JW: As far as car companies that are out there now who’s leading the industry in this sort of data safety and who’s falling behind?


AM: I don’t think that we have a really good perspective on that right now. I think, look at who’s leading the industry in terms of features and technology and functionality and that’s probably the one that you need to take a hard look at by being cutting edge you’re really in an uncharted water and so there’s gonna be potential to expose vulnerabilities that you weren’t aware of or things that you hadn’t really thought through when it gets introduced into the real world. So I think that’s probably where you want to focus the attention.


JW: So there’s a lot of opportunity in that for innovation but there’s also a lot of threat in safety?


AM: Oh, absolutely. With any new technology, with any innovation there’s always gonna be some new potential vector for some threat actor to do something.