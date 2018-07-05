As we have become more digitally connected, so have our vehicles. Features such as navigation and multimedia streaming are increasingly standard, propelling the global connected car market to more than US$219 billion (S$299 billion) by 2025.

In Singapore, it is estimated that the connected car penetration is expected to hit 46.2 per cent in 2022 and the revenue in the connected car market came to US$66m just last year.

Technology helps make our lives more convenient, but there can be gaps in which hackers can exploit your connected car.

It used to be that the biggest risk was car keys being stolen.

But your digital keys may be a greater target for criminals.

Let's assume that the car manufacturer has a central server getting feeds from all its vehicles, for example location data.

This data may be stored on the manufacturer's premises, or in the cloud. Either way, your car will need authentication to connect to this central system.

How does the manufacturer trust, if your car is talking to its central system, that it is that car? Or how do you trust, if the central system is talking to your car, that it is the central system?

Hackers will try to compromise that connectivity, and to do this they need two things.

First, a route to connect into the system, say an open Wi-Fi.

This has been a known technique since 2015 when hackers remotely compromised and paralysed a Jeep Cherokee.

Second, they will need permission to get in. These are your digital keys.

So if your car is open to connections or communications from an open source and there's a weak password, then attackers have got the credentials to gain access to your vehicle.

The big question is, if that connection is compromised, what could an attacker do?

The threat will become greater when driverless cars hit the road in 2021.

This will take the capabilities of connected cars to a whole new level and the biggest danger is that a vehicle can be taken over.

There is a huge amount of work happening now to ensure that cybersecurity is fully integrated as part of the driverless vehicle development process.

However, if someone did compromise that connection, they could send bogus commands to the car, or vice versa, they could fool the central system with a fake car position and force a crash.

To be fair, attackers won't automatically know how to control driverless cars.

But they can lurk inside the infrastructure until they have the knowledge to take control and cause considerable damage.

We can expect to see such approaches being attempted to compromise driverless cars, with attackers holding the keys for a long time before they take the wheel.

Of course, full control of the vehicle is not the only motivation for cybercriminals.

We may also see attempts to track the journeys of high profile targets.

Attackers could silently collect travel data, while also using advanced social engineering techniques, to build a comprehensive picture of the person's habits and whereabouts.

This could potentially lead to a new type of online blackmail.

As car connectivity continues to increase, there are even more digital identities to manage, secure and, ultimately, trust.

The onus is on the manufacturers to keep customer data secure and ensure personal safety, and that starts with protecting the trust and any respective credentials.

Jeffrey Kok is vice-president of Solution Engineer, Asia Pacific and Japan, CyberArk.