The ability to connect your smartphone to the software-based infrastructure of your car might make it easier for you to listen to your choice of music, or to get directions to your destination, but it's also providing cybercriminals and hackers with another attack vector they could use to target the vehicle for nefarious means.
That's the warning from David Ward, head of functional safety at automotive engineering and development consultancy MIRA, who was speaking at The Institution of Engineering and Technology (The IET) during a recent conference on cybersecurity for urban transport systems.
Ward pointed out that software is becoming an increasingly important area of motor vehicle design, citing how "one or two vehicle manufacturers are starting to deliver over-the-air updates" and how in the US "dedicated short-range communication is proposed to become a mandatory feature on vehicles".
But he said one major challenge for securing vehicles is consumer devices being plugged into ever-more-connected car designs.
"Regardless of what vehicle manufacturer functionality might be providing for communication, consumers want to use mobile devices with their vehicles -- they want seamless handover between apps on their smartphone and features on the vehicle," Ward explained, arguing that "whether we like it or not, the vehicle has become always-on internet".
"So you can see that potentially, on this typical vehicle architecture, there are already very many attack points that we could identify from a cybersecurity perspective," he said.
According to Ward, cars now also have the potential to leak data, given how users can be required to login to systems and devices in vehicles. He told the audience at the IET, that this also presents "real issues" for security and privacy.
"The vehicle is now a storage location and a hub for data and often this is the consequence of pairing mobile devices," said Ward, who described how he stumbled across a potential security issue when using a rented vehicle.
"Recently, in a hire car I paired a mobile device with it so I could listen to music of my choosing and I found that there were at least ten devices in the 'previously paired devices' on that car," he claimed.
"Needless to say, when it went back to the rental station, there weren't any paired devices listed in the memory," Ward continued, but warned "all that means is they were deleted from the list; someone that could actually physically get hold of that unit could probably still extract the data".
The answer to these problems, Ward suggested, is to hammer home the message to vehicle manufacturers that they need to take these security concerns into consideration.
"I think it's something vehicle manufacturers are starting to consider, but I think what we're seeing at the moment is perhaps that [the issue] will be looked at from an infotainment perspective. What we need to say is, 'that's something which could be exploited to get deeper into the vehicle' and that's part of the challenge [car makers] face," he said.