Hacked: Real-Life Stories of Connected Cars Gone Bad

Our groundbreaking report, The Connected Car: Who is in the Driver’s Seat?, released for the Office of the Privacy Commissioner in March of this year, warned that data culled from these new, smarter vehicles could be misused by identity thieves, voyeurs, stalkers and others with malicious intent.

The report concludes that we need to get serious about setting auto industry privacy and data security standards – and that now is the time to do it.

It didn’t take long for the first major remote car hack to take place and highlight the need to act quickly. In July of this year, Wired featured an article that described hackers demonstrating extremely fine-tuned remote control over a now-recalled (in the U.S.) Jeep Cherokee.

The Jeep hackers—who were, luckily, working with the public interest in mind—were able not only to adjust radios, kill engines, and abruptly engage or disable brakes; they were also able to surveil vehicles. They were able to track these Connected Cars’ GPS coordinates, measure their speed, and even trace their routes through a mapping application.

As Wired put it, “Automakers need to be held accountable for their vehicles’ digital security.” As quoted in their article, Connected Car hacker Charlie Miller warns: “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone.”

Opportunities to hack or monitor Connected Cars will continue to grow, unless we push for standards to protect our data. It is becoming all the more common for cars to include functions like navigation, vehicle health diagnostics, and behavioural monitoring of drivers, in addition in customized on-board news, social, and entertainment features.

“The same technologies that create this data also create new security risks,” states the Connected Car report. “Besides exposing vehicle operations to malicious hacking through new wireless entry points, they are creating huge new databases of personal data that is vulnerable not only to unauthorized access but also to unexpected use by governments, law enforcement agencies, insurers, and others seeking to identify, monitor, or take action against individual drivers or car owners.”

If you’re considering purchasing or driving a Connected Car in the near future, be sure to check out our report, and to look out for some of the new tools for consumers that we hope to release in the next few months.

Read more from the August 2015 Bulletin »