A few weeks ago a cybercriminal called David Colombo warned the world that he had taken control of 25 Tesla electric cars in 13 different countries due to a mistake made by their owners and without them noticing the attack. This worrying development has put Interpol on their guard, and they have put a message on their website to say that cybercrime is growing at a very fast rate and the criminals operate worldwide and can coordinate attacks in a matter of minutes.
These ‘crackers’, as they are known, can modify the software of a vehicle from a distance. This is not actually new: in 2010 researchers at Seattle and California universities demonstrated that the latest generation cars were vulnerable to cyberattacks and they hacked into two vehicles and remotely disabled their brakes and engine while they were being driven. The attacks multiplied and in 2018 the FBI warned manufacturers that they were being targeted by ‘crackers’.
Here in Spain, the Directorate-General for Traffic (DGT) is saying there is no need for alarm and the component manufacturers have been working on a solution for years. “The UN has produced regulations and established minimum cybersecurity criteria for all vehicles in record time,” they have said.
Under the new regulation, all vehicles that are homologised from July this year and all those sold from July 2024 must have a cybersecurity certificate.
Among the manufacturers, Ford says that although nobody can guarantee that data transmission via the Internet is secure, they have a cybersecurity team for connected vehicles designed to protect their information.
Nevertheless, Eurocybcar – a company with a database of all the attacks against vehicles since 2012 – says a cybercriminal can use the bluetooth system linking the telephone and vehicle to obtain personal information, locate the vehicle, spy on the driver, harass them or use their identity.
Not only that: they can also attack the emergency call system which is used to obtain help in an accident, activate or deactivate the airbags, take control of the steering and brakes to cause an accident, provide false information via the GPS or radio RDS system, interfere in the apps the driver can use to remotely control different functions of the vehicle through their mobile phone but which enable a cracker to spy on the user, access the manufacturer’s databases or start a car from a distance.
The DGT also says that with autonomous or electric vehicles, these are open to new forms of attack. For example, on the electric system or the charging point to cause an expensive breakdown or robbery, or even causing a fire, with the consequent risk to the occupants.