You've heard of carjacking – but what about carhacking?
Can hackers really steal your car?
In this technology-fuelled, fully-digital age, we are surrounded by smart devices, from our watches to our speakers and even our toothbrushes. It makes sense that our cars are no different.
Unfortunately, where there are Wi-Fi connections, there are cybersecurity risks. And where there are cybersecurity risks, there are hackers who will attempt to exploit these risks for their own gain.
That's where carhacking comes in - some enterprising hackers are not satisfied with taking down airlines, hospitals or casinos and instead want to commit grand theft auto all from their phone.
How exactly do they do this? Read on to find out more…
How can you hack into smart cars?
One thing about hackers is that they can and will find a way to get into pretty much anything, smart cars included.
How they can hack into cars is varied, so we'll be taking a deep dive into these car-stealing hacks:
By using AI
AI is a hot topic, thanks to its use skyrocketing and it being integrated into a huge amount of things in everyday life, from chatbots to search engines. It is also, of course, making its way into cars through the processing systems of autonomous vehicles.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
AI's benefits and uses cannot be understated, but as with any kind of technology, malicious people can and will use AI for nefarious purposes. One of these purposes is hacking autonomous vehicles.
A report by McAfee noted that the AI systems used to power autonomous vehicles could be hacked into and manipulated by cyber attackers. One example of this was forcing a Tesla Model S to read a speed limit sign that read '35 miles per hour' as '85 miles per hour', making the vehicle rapidly speed up.
Of course, the impact of hacks like this could be incredibly dangerous, with vehicles forced to speed up or slow down on the whims of hackers, causing chaos on the roads.
Targeting electric vehicles
The use of electric vehicles (EVs) is growing rapidly, with a 69% increase in EVs worldwide from 26 million in 2022 to over 40 million in 2024.
While this is great for the environment, it also presents an avenue for hackers to exploit and gain access to your vehicle.
Tomas Bodeklint, research and business developer at RISE, notes that this is due to the nature of electric vehicles: “Electrification broadens the possible threats. We’re talking about all vehicles being connected in what is known as Vehicle to Grid, or V2G for short, which is to help society with its energy supply. This means communication has to take place when the vehicle is connected."
This presents an opportunity for hackers to intercept this communication to the car (and others) in a man-in-the-middle attack. These interceptions could allow hackers to gain access to the car, wreaking havoc on its system or even stealing it.
Not only this, but charging points for electric vehicles also pose a danger. Hackers could distribute malware to electric vehicles via public charging points, impacting the vehicle's function or using its software for nefarious means like bitcoin mining.
Stealing user login information
It's not enough just to worry about your personal details being stolen if you use public Wi-Fi - now you have to worry about your car being stolen, too.
In a YouTube video published in March 2024, two researchers (Tommy Mysk and Talal Haj Bakry from cybersecurity firm Mysk) showed how they were able to gain access to a Tesla Model 3 by generating a digital key, despite the account being protected by two-factor authentication.
Mysk and Bakry were able to bypass this layer of security and gain access to the car using a Flipper Zero (a self-described "multi-tool for geeks") and a Wi-Fi development board to create a fake Tesla login page, tricking their unsuspecting victim into entering their details. They were then able to access their account, generate a digital key and unlock the car.
Of course, Mysk and Bakry are white-hat hackers using this exploit to demonstrate the dangers posed by it, but it's not hard to imagine what hackers might do if they had discovered it first.
By using Bluetooth
Having Bluetooth in your car is incredibly useful, letting you listen to tunes, answer calls hands-free and even transfer directions from on your phone to on your car's navigation system seamlessly. However, it can also allow hackers onto your car's system.
Researchers from NCC Group have discovered a method of hacking into and stealing a Tesla Model 3 and a Tesla Model Y using a Bluetooth Low Energy (BLE) relay attack.
Essentially, the attack saw researchers put the hacker between communications from the Tesla app to the vehicle itself, allowing them to intercept and change these communications.
Tesla described the issue exploited as a "known limitation of the passive entry system”.
How car manufacturers are avoiding cyber attacks
So, we've taken a look at just how disruptive cyber attacks on smart cars can be, but it's not all doom and gloom – car manufacturers are aware of these risks and are actively working to reduce them.
In fact, chief executive of the Society of Motor Manufacturers and Traders, Mike Hawes, has said that "security is a priority for the automotive industry".
"Vehicle manufacturers are investing significantly in new features to help keep cars safe from cyber-crime. Industry is also working closely with government and security agencies to help implement further safeguards to ensure current and future generations of connected cars remain resilient to cyberattacks,” he explains.
Essentially, what this means is that manufacturers are aware of the risks and are working to combat them, so you can drive easy, knowing that the likelihood of your car being hacked and stolen is dropping by the day.
Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.