Is Your Car Hackable? Exploring Cybersecurity Risks in Modern Vehicles
Although your car may not immediately come to mind when it comes to cyber-attacks, modern cars are basically computers on wheels, which makes them no different to phones or laptops when it comes to cybersecurity threats.
Here are the main cybersecurity risks inside a car:
1. Wireless Hacking
Many vehicles have wireless connections such as Bluetooth, Wi-Fi hotspots and keyless entry systems.
Attackers can sometimes exploit vulnerabilities to unlock doors, start the car, track the vehicle and access personal data.
A well-known example was the hack of the Jeep Cherokee where researchers remotely controlled steering, brakes, and the radio. This was a huge wake-up call for the automotive industry as 1.4 million vehicles were recalled to patch the vulnerabilities.
2. Infotainment System Exploits
Infotainment systems connect to phones and the internet. If compromised, hackers may:
• Access contacts, messages, and call logs
• Install malware
• Move deeper into the car’s internal network.
Researchers have repeatedly found vulnerabilities in Tesla vehicles including controlling infotainment functions.
Tesla runs one of the biggest bug bounty programs in the auto industry and patches issues quickly through over-the-air updates.
3. Keyless Entry Relay Attacks
This is one of the most common real-world car hacks today.
Attackers use radio devices to relay the signal from your key fob inside your house to the car outside, tricking it into unlocking and starting.
This affects many modern vehicles from brands like BMW, Land Rover and Mercedes‑Benz.
How it works:
1. One thief stands near your house.
2. Another stands by the car.
3. They relay the signal from your key fob.
4. The car thinks the key is present and unlocks.
4. Mobile App Vulnerabilities
Many cars have companion apps that allow functions such as remote start, lock/unlock and location tracking.
If the app, password, or cloud service is compromised, attackers might control these features remotely.
5. Malicious USB Devices
Plugging unknown USB drives into the car (for music or charging adapters) could install malware in poorly secured systems and exploit software vulnerabilities.
6. GPS Tracking & Privacy Attacks
Hackers might target navigation systems which could reveal location history, driving habits and home/work addresses.
Researchers have shown they could manipulate navigation systems in vehicles by sending fake GPS signals. This can make the car think it’s somewhere else which is particularly worrying for autonomous driving systems.
7. Over-the-Air (OTA) Update Attacks
Some vehicles receive software updates over the internet. If the update process is insecure, attackers could attempt to push malicious firmware.
Companies like Tesla invest heavily in securing OTA updates because of this risk.
Tips to Improve your car’s Cybersecurity
1. Protect Your Key Fob (Most Important)
Keyless entry relay attacks are the number 1 real-world car hack today. Keyless relay attacks now account for approximately 56% of all car thefts in the UK.
What to do:
Keep keys in a Faraday (signal-blocking) pouch
Don’t leave keys near doors or windows
Disable keyless entry in settings (if possible)
2. Secure Your Car App
Many cars rely on mobile apps for remote control.
What to do:
Use a strong, unique password. Read our blog Strong and Secure Password Guidance and Tips
Enable 2-factor authentication (2FA)
Don’t reuse your email password
Keep the app updated with the latest version
3. Keep Software Updated
Car software updates fix security vulnerabilities.
What to do:
Install updates as soon as they’re available
Don’t ignore update notifications
Ask your dealer if updates aren’t automatic
4. Avoid Unknown USB Devices
USB ports can be entry points for malware.
What to do:
Don’t plug in random USB drives
Avoid unknown charging adapters
Use your own trusted cables
Protect Your Vehicle from Hackers
Treat your car like a smartphone on wheels—keep it updated, locked down, and don’t trust unknown connections.