How vulnerable are you behind the wheel of your connected car?

Your car provides you with more than just transportation. And criminals want at that information.

honda ridgeline interior
REUTERS/Brendan McDermid

Remember when all you had to worry about with your car is getting an oil change every 3,000 miles. Today’s connected cars are miles ahead technologically speaking of those “dumb” vehicles, but drivers could see a bumpy ride if thieves get a hold of the data the car possesses.

The Internet of Things (IoT) has created an entirely new market in the automotive industry with connected car services that are driving new recurring revenue growth and transforming the industry. And that trajectory is expected to continue, growing from $13.6 to top $42 billion by 2022.

Vehicles contain critical personal information such as personal contacts, registration and insurance details, financial information and even the address to the owner's home – making entry, theft and further damage even more of a possibility. Vehicles have become an extension of one’s connected self and the technology associated with them offers substantial benefits.

With the emergence of sophisticated technology, the nature of vehicle theft has changed. A major adversary of today’s vehicle owner is a smarter, connected and more targeted network of criminals, known as ‘Connected Vehicle Thieves’. LoJack, provider of vehicle theft recovery and advanced fleet management solutions, shows how these New Age thieves can take advantage of the technology in vehicles.

Car cloning: is an advanced form of vehicle theft, where savvy thieves create and install a fake vehicle identification number (VIN) for a stolen vehicle, allowing it to go unnoticed in plain sight. This method is primarily used to take high-end luxury vehicles and sell them overseas for profit, remaining undetected. Hackers can then use the purloined VINs to alter ownership forms, or to create false new documents to hide a stolen car’s true identity.

Vehicle-enabled ransom: One growing and increasingly lucrative type of cybercrime is the use of ransomware, where inserted malware encrypts digital data and instructs a victim to pay the criminal a ransom to restore the decrypted information. With the emergence of the connected car and vehicles being used as WiFi hot spots, vehicle-enabled ransomware is a predictable next step for hackers, exploiting this new avenue to commit digital “kidnapping”. For example, in the near future, they could easily break into a vehicle, disable the engine and brakes, and demand bitcoin to restore the car to its functional state.

Scanner boxes as smart keys: Thieves have begun carrying scanner boxes, or devices that can exploit the electronic system utilized by key fobs. These criminals can then unlock, and even start, a vehicle without even touching the key. Once the key comes in close enough range to the scanner box and is compromised. This problem has been particularly noted in Washington state.

Theft rings targeting luxury vehicles: As LoJack’s 2015 Vehicle Recovery Report demonstrates, today’s thieves are increasingly part of larger, organized crime rings targeting higher value vehicles that can then be cut up for parts, re-sold or even shipped overseas. These luxury vehicles are valued over $30,000, and some of the top vehicle models recovered in 2015 included Land Rover Range Rover, Ford F-Series, and BMW X-Series. These theft rings often utilize complex schemes, such as acquiring and copying smart keys and using stolen credit reports and false identities to illegally finance vehicles.

Remote hacking: Remote hacking made headlines last year with the infamous takeover of a Jeep Cherokee caught on video, highlighting that connected car thieves view wireless networks as the weakest link in high-tech vehicles. Features that are common in most modern vehicles, like restaurant guides and built-in GPS, are connected to a telecommunications network. As a result, modern vehicles are vulnerable to a debilitating cybersecurity attack or, worse, a complete navigation takeover.

Data leading to identity theft: These days, connected cars carry more information and personal data than ever before, making identity theft a more serious threat. Thieves are targeting your vehicle, but also the data within it, which could lead to credit card details, location information, Social Security numbers, and personal IDs like drivers’ licenses. Once this information is obtained, it’s possible for a hacker to access any of your online accounts.

Care to get in the commenting driver's seat? Head over to our Facebook page to drive a comment home.

Copyright © 2017 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)