Owners of electric vehicles across the UK have been issued an urgent security warning, compelling them to immediately update the smartphone applications linked to their cars.
The Growing Threat to Connected Cars
Stephanie Crowe, the head of the Australian Cyber Security Centre, has highlighted critical vulnerabilities facing modern EVs. She explained that, much like other internet-connected devices, electric vehicles are susceptible to attacks from cybercriminals. These attacks could expose a treasure trove of sensitive information.
This includes personal details and payment information stored for recharging the vehicles. Ms Crowe provided a stark example to The Australian Financial Review, stating that if a criminal compromises a user's phone, an insecure car app could technically allow them to unlock and start the vehicle without the owner's consent.
Why Immediate Action is Crucial
The push for heightened security comes as EV adoption accelerates. In 2021 alone, there were 1.2 million internet-connected vehicles on Australian roads, with projections suggesting they will constitute a staggering 93 per cent of all new cars sold by 2031.
Ms Crowe's advice is unequivocal: owners must upgrade their app security without delay. She strongly advocates for the use of multi-factor authentication on all connected applications. 'We need to make sure that they're updated routinely and not switched off if you're too busy. We cannot be complacent with patching those,' she emphasised.
The risks extend beyond just losing control of the car. A compromised EV or its associated app could leak a user's call logs, text messages, and crucially, the credit card details saved in recharging apps.
How to Protect Your Vehicle and Data
To combat these threats, experts recommend a multi-layered security approach:
- Always use strong, unique, and up-to-date passwords for EV-related apps.
- Avoid storing passwords in web browsers due to the rising threat of information-stealing malware.
- Consider using a secure, offline password manager.
- Promptly install all software and app updates as soon as they become available.
Crowe confirmed that these simple steps are considered essential to 'minimise the risk of something happening to a connected vehicle.' The Australian Signals Directorate reinforced these concerns in June, warning that internet-connected cars can collect vast amounts of data. They cautioned that without a concerted focus on cybersecurity from the automotive industry, the illegal extraction of this data by criminals could become widespread.
The scale of the problem is significant. In the last six months, the ACSC has alerted more than 200 organisations about approximately 58,000 compromised credentials, underscoring the pervasive nature of the current cyber threat landscape.
