Blasting the heat with a remote sensor before you even get into your vehicle on a brisk winter morning is a welcome convenience. So are the comforts of lane assistance, voice command, Bluetooth and Wi-Fi.

But experts warn modern, connected vehicles, which are heavily packed with microchips and sophisticated software, can offer an open door to hackers.

These cars are vulnerable to hackers stealing sensitive information or even manipulating systems such as steering wheels and brakes, said Robert Falzon, head of engineering for Markham, Ont.-based cybersecurity solutions company Checkpoint Canada.

B次元官网网址淐ars are tracking how fast youB次元官网网址檙e going, where youB次元官网网址檙e going, what your altitude is B次元官网网址� and all the different pieces of information are being calculated B次元官网网址� ItB次元官网网址檚 all computerized,B次元官网网址� he said.

B次元官网网址淯nfortunately, security is not always the primary thought when these (features) are developed.B次元官网网址�

A global automotive cybersecurity report by Upstream shows remote attacks B次元官网网址� which rely on Wi-Fi, Bluetooth and connected networks B次元官网网址� have consistently outnumbered physical attacks, accounting for 85 per cent of all breaches between 2010 and 2021.

That proportion grew to 97 per cent of all attacks in 2022, the report said.

ThereB次元官网网址檚 a growing concern about privacy breaches among connected cars, experts added.

B次元官网网址淟etB次元官网网址檚 say someone is driving on the highway and the doors get locked, the car speeds up and the (driver) gets a message asking for bitcoin or theyB次元官网网址檒l crash the vehicle,B次元官网网址� said AJ Khan, founder of Vehiqilla Inc., a Windsor, Ont.-based company offering cybersecurity services for fleet cars.

B次元官网网址淭hat scenario is possible right now.B次元官网网址�

Khan added any car that can connect to the internet, whether gas-powered or electric, could be at risk of hacking.

But electric vehicles are particularly vulnerable to cybersecurity thefts.

Researchers at Concordia University in Montreal found significant weaknesses in their 2022 study of public and private EV charging stations across Canada B次元官网网址� all of them connect to the internet. The study showed breaches could affect drivers, power stations and the power grid they are connected to.

B次元官网网址淭he reason why there are a lot of vulnerabilities is because vendors and operators are rushing to deploy the infrastructure to meet the demand,B次元官网网址� said Chadi Assi, information systems engineering professor and research chair at Concordia University.

B次元官网网址淎s a result, cybersecurity was an afterthought and it was not part of the design of the infrastructure,B次元官网网址� he added.

Assi explained an EV owner usually connects with the charging station through an easily accessible mobile app. But many of these third-party apps had security holes, the Concordia study found.

In 2022, the number of automotive application programs-related attacks accounted for 12 per cent of total incidents, despite advanced cybersecurity, the Upstream report shows. The trend was up by 380 per cent compared with 2021.

One such vulnerability, Assi said, is that the protocol used for communication between the cloud management system B次元官网网址� which processes payments, among other important functions B次元官网网址� and the charging stations may not be encrypted.

B次元官网网址淚f youB次元官网网址檙e making payments (at a charging station), those and any private information you put can be transmitted in plain text,B次元官网网址� he said, making sensitive information susceptible to theft.

If a charging station is compromised, Assi said, a customerB次元官网网址檚 private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery B次元官网网址� the most expensive part of an electric vehicle.

Electric vehicle charging station-related breaches accounted for four per cent of cyberattacks on connected cars in 2022, the Upstream report said.

B次元官网网址淎nother critical aspect of cybersecurity in this ecosystem is the power utility itself,B次元官网网址� Assi said.

If a hacker synchronizes multiple charging stations and turns the charging of cars on and off, the power grid could be destabilized, he explained.

Assi said these shortcomings were flagged to manufacturers last year.

An August 2021 global standard was established to guide automakers in managing cybersecurity, risks including electronic control units, software and various vulnerable points of attack such as Wi-Fi and Bluetooth.

Manufacturers are working to strengthen cybersecurity in vehicles, Khan said.

But even the cat-and-mouse race to outdo hackers fails when intruders manage to find one weak spot B次元官网网址� which may allow them access to other connected vehicles.

B次元官网网址淎uto cybersecurity is a very new field,B次元官网网址� Khan said, adding the risk will persist with the ever-changing software potentially bringing newer vulnerabilities.

Still, the biggest challenge lies in the lack of awareness among consumers.

Khan said the auto industry is in a transitionary period.

Consumers will take time to adjust from B次元官网网址渧ehicles which never had connectivity or software to the (modern) vehicles with software that our lives have come to depend on,B次元官网网址� he said.

Khan suggested consumers ask car dealerships about the vehicle software and privacy protection from third-party apps.

B次元官网网址淲hen you go to purchase a vehicle, you ask about safety features such as seatbelts and airbags,B次元官网网址� he said. B次元官网网址淪imilarly, ask about cybersecurity which is basically a health and safety issue.B次元官网网址�

Another best practice is to be aware of the software used in the vehicle and how it would impact its security if a third-party app is downloaded. Experts suggested drivers should also update vehicle software regularly to avoid cybersecurity attacks.

When selling a vehicle or using a fleet car, customers should be careful when connecting their phones because they may leave behind their data remnants.

Other best practices include avoiding connecting to public Wi-Fi and to not keep car keys close to the front door since thieves can use devices that capture a key fobB次元官网网址檚 radio signal and extend the range to remotely start and steal vehicles.

Tim Burrows, producer of Canada Talks Electric Cars, has been driving electric vehicles for 10 years and says he never found himself thinking about cybersecurity until lately.

B次元官网网址淣ow that the software is actually B次元官网网址榙riving the carB次元官网网址�, I find myself thinking more often about the potential for bad actors to hack into the network and damage or control the semi-autonomous operation of the vehicle,B次元官网网址� he said.

While he is aware that risk exists, it is not something he is deeply concerned about, he said.

B次元官网网址淚 suspect it might become a higher value B次元官网网址榯argetB次元官网网址� for those wishing to cause harm,B次元官网网址� Burrows said. B次元官网网址淧erhaps my attitude will change when autonomous vehicles go mainstream.B次元官网网址�

This report by The Canadian Press was first published Oct. 8, 2023.

Ritika Dubey, The Canadian Press