If you’re an electric car owner and your car was produced in the last four years or so, the chances are it comes with some form of smartphone or web-based application that lets you check your car’s state of charge, turn on climate control or perhaps even unlock your car’s doors from anywhere in the world.
Why your electric car needs security
In order to make that possible, your car needs its own connection to the Internet, usually in the form of a 3G or 4G modem built into the car. That in turn makes it possible for you to communicate with your car and your car to communicate with you, usually through a specially-designed portal run by the automaker who made your car. As with any web service from email through to Internet banking, this does carry with it some inherent security risks.
As a consequence, we often hear sensationalist headlines proclaiming that electric cars are at risk of being hacked by ne’er-do-wells. Sometimes, they warn us that hackers can find out our cars’ whereabouts with maliciously-coded web pages. Other times, they warn that hackers can gain access to our cars, unlocking the doors to steal whatever is locked inside, even if they can’t start them and drive away.
Over the past few years, we’ve talked to many of the major automakers who make electric cars — including Tesla — and we’ve heard again and again from each that they’re working hard to ensure that your electric cars are as secure as possible while retaining the functionality you want from remote control apps.
As with any connected device, the only way to ensure you’re 100 percent safe is to disconnect it from the Internet, or in the case of electric cars, switch off all telematics.
But for those who want to retain some telematics functionality, there are some really simple things you can do to keep yourself and your car as safe as possible. Here are just five of them:
Set a difficult password
Yes, we know: it’s difficult to remember your password unless it’s set to something memorable like your pet’s name, the date you got married or your favourite movie star, but the harder a password is to remember the safer it generally is.
When you set up your car’s telematics, be sure to give your account a really secure password. In general, passwords which appear completely random, such as the ones created by online tools like the Strong Password Generator, are the safest. The more characters they contain, the better.
Avoid using single words, or easy-to-guess phrases if you can, but if you really do find things hard to remember, try @lphanumer1c substitution and placing capItal leTtErs in random places in your phrase.
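As an added illustration (not part of the original article), the Python sketch below generates a random password locally and shows how its strength grows with length. The 94-symbol alphabet and the function names are assumptions made for this example.

```python
import math
import secrets
import string

# Assumed alphabet: letters, digits and punctuation (94 printable ASCII symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Return a password drawn uniformly at random using the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def min_length_for(target_bits, alphabet_size):
    """Shortest random password that reaches at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def expected_guesses(length, alphabet_size):
    """Average guesses needed to find one random password (half the space)."""
    return alphabet_size ** length // 2


if __name__ == "__main__":
    size = len(ALPHABET)
    # Each extra character multiplies the search space by the alphabet size.
    for n in (8, 12, 16, 20):
        print(f"{n:2d} chars: {entropy_bits(n, size):6.1f} bits, "
              f"~{expected_guesses(n, size):.2e} guesses on average")
    print("sample password:", generate_password(20))
    print("length needed for 128 bits:", min_length_for(128, size))
    # A digits-only password needs to be far longer for the same strength.
    print("digits-only length for 128 bits:", min_length_for(128, 10))
```

The entropy figures hold only for passwords chosen uniformly at random; they do not describe words or phrases a person picks.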
Keep your password secure, and regularly change it
Of course, a difficult, high-strength password is only useful if you don’t write it down somewhere. Just like the PIN code for your banking card or your social security number, guard your car’s telematics password carefully and don’t share it with anyone.
Moreover, don’t leave it lying around somewhere — and that includes written down on your computer or mobile phone. If someone can read it, someone can steal it.
As an added layer of security, always change your telematics password at least once a month — or more if you prefer — to ensure your password is even harder to crack.
Lock your computer, smartphone
If you use a computer or smartphone to access your car’s online telematics portal, be sure to keep your devices secure too.
There’s no use, for example, in having a highly secure password if you’ve set your phone to log in automatically with that password when you launch your car’s smartphone app. In a similar way, you need to ensure that your computer isn’t set to remember your login password for any web-based portal when you point your browser at the web address of your car’s telematics system.
Only use trusted devices, networks to log in
If you’ve followed all our tips thus far, your car is now far harder to hack than it was. But unless you’re careful about the computers and/or the wireless networks you use to log in, you’re still at risk of something called a ‘Man-in-the-middle’ attack.
Simply put, this type of attack occurs typically when you log into an insecure wireless network or use a public computer such as those found in a library or other public space. In a man-in-the-middle attack, the data is intercepted between the computer or device you’re using and the server used to host your car’s telematics system.
To minimize the risk of this, only use computers and network connections that are properly secured and trustworthy. And in the case of a computer, always double-check the browser is using encrypted connections when dealing with your telematics service provider.
Keep your devices, and your electric car, up-to-date
Once you’ve done everything above, the only thing that really remains is for you to ensure that you follow the recommended security updates for both your car and the devices you use to connect to the telematics service. This means applying any recommended security updates from your car’s manufacturer when they are released, as well as following all necessary updates and security patches for your computer, browser, and smartphone or tablet computer.
It’s worth noting, however, that you should never, ever, blindly accept an update on your computer without understanding what it does first! If you’re unsure of what the software update does, where it comes from, or what issues it is addressing, do not update.
To that end, you should only accept official updates from your car’s manufacturer or the company who made the device and/or program you’re using. If in doubt, check!
(When it comes to security for computers and gadgets, we can’t recommend Steve Gibson’s Security Now! podcast highly enough. If you’re so inclined, give it a go!)
Have we missed anything? Do you do something else to keep your electric car safe from hackers? What tips and advice do you think we should give?
Leave your tips in the Comments below.