In the connected cars of today, virtually all communication between a driver's smartphone and their vehicle takes place over the internet via the cloud for functions as basic as starting the engine remotely and turning on the air conditioning. Sometimes it's a user sending a command to the car, and sometimes it's the manufacturer sending a request for the car's software to be updated.
There have been several instances where cybersecurity experts successfully sent commands to a vehicle remotely over the internet using an unauthorised account, according to Liz James, a consultant at IT security firm NCC Group , whose clients include some European car makers.
"Purely from the design of an always-connected vehicle, that threat, which didn't exist before, now does," she said.
The risk was on display earlier this year when teams of elite hackers gathered in Tokyo during the Automotive World conference to break into Tesla cars for prize money. Back in 2022, meanwhile, a German teenager made global headlines when he hijacked some functions on Tesla EVs, including opening and closing doors, turning up the music and disabling security features.
Using Apple's CarPlay or Google's Android Auto software, drivers the world over have become accustomed to connecting their phones to bring a smartphone-style interface up on a car's dashboard display to control and use everything from maps to music.
