Security experts have an idea of what attracts hackers, based on what they can surmise from hackers' current capabilities and the kinds of threats other connected industries have dealt with. Only a minority of criminals would be motivated by physical attacks -- money will be a much stronger motivator, said Andre Weimerskirch, vice president of cybersecurity at Lear Corp.
"Attackers will try to find exploits that provide a financial incentive, and it seems that safety-critical attacks don't provide any obvious monetary return," Weimerskirch wrote in an email to Automotive News.
Here's what hackers could do for money, according to Weimerskirch:
- Remotely unlock a vehicle and steal it.
- Charge drivers ransom in exchange for regaining control of their car.
- Crack into cellphones connected via USB ports and steal credit card information, or use location data and apps to break into the driver's home.
Vehicle connectivity also can help hackers locate police cars or listen to conversations via Bluetooth microphone, Smith said.
"Conversations in the back of a limo can hold a lot of value," he wrote. "That's much more interesting for an attacker."
Many cars on the road today have the ability to wirelessly communicate both internally between vehicle components and externally with other devices such as cellphones and laptops. In 2020, IHS Automotive estimates, 55 percent of new vehicles sold globally will be connected, and about half of cars on the road will have some level of connectivity.
Connectivity makes cars vulnerable to outside hacks. Though the number of connected vehicles has grown quickly, only about 40 percent of automakers have a dedicated cybersecurity unit, according to a survey conducted by McKinsey & Co., and less than half of automakers said their cybersecurity team was well-prepared to handle hacking threats. Nearly 85 percent rated their exposure risk to cybersecurity threats at medium to high.
To defend against attacks, automakers need to constantly monitor vehicles for software bugs and potential weaknesses and be able to "triage" issues as they appear via processes such as over-the-air updates, Smith said. Open communication within the industry also can help automakers identify potential vulnerabilities before they are exploited by a hacker.
"Vehicles are now mainly software," he said. But it will be impossible to prevent every problem, he said. "Even if you do everything right, something could have a bug in it somewhere down the road."