1. Add a password for your Wi-Fi – and one that hasn’t been hacked before
If your car has its own WiFi connection, create your own password as soon as possible; previous hacks, including the case of the Jeep Cherokee, was made possible by the weak default WiFi password supplied by the manufacturer.
There was also a more recent case of a criminal – named L&M – who was able to monitor the locations and switch off the engines of thousands of vehicles in South Africa, Morocco, India and the Philippines.
These vehicles were all fitted with tracking devices that had a pre-set password of ‘123456’, which many users had failed to change.
Using reused or easy to guess passwords makes a cyber criminal’s job far easier. But there are ways to find out if a password is more or less likely to be guessed by criminals.
For example, pwndpasswords has a database of over 500 million passwords that have been previously exposed in data breaches. It’s safe to say that these passwords are being reused by attackers.
It’s good practice to create unique passwords which have a mix of random numbers and letters, include capitals and symbols, and don’t relate to you personally.
There are also random password generators online if you’re struggling for inspiration.
Pwned is one of the website that allows you to check if a password you use has been breached previously
2. Use a garage and mechanic you trust
Always use a trusted and qualified mechanic for your MOT, service and repairs.
As part of routine checks, mechanics will plug a device into the On-Board Diagnostic (ODB) port to check for any fault or diagnostic codes which need to be resolved.
However, this access could be used for malicious reasons, such as programming your electronic brake sensor to trigger early, lowering the life of your brake pads and meaning more trips (and bills) at the garage.
If you’re unsure, look-up a garage in your area which is part of the Good Garage Scheme – a signal they perform services to a strict Code of Conduct.
3. Utilise the vehicle maker’s security software updates as quickly as possible
Watch out for software updates – also known as ‘patches’ – from your vehicle’s manufacturer, which could include enhanced security features to protect you from newly identified threats.
Make sure you’re subscribed to manufacturer alerts and act quickly if you get notified of an update – all you normally need to do is enter your Vehicle Identification Number (VIN), a 17-digit number stamped into the car’s chassis.
4. Recognise that phone apps could be a threat
Keeping your phone applications – especially those linked to your motor, like Apple CarPlay and Android Auto – up to date is also key.
Any app that control functions in your car should have the most up-to-date security release.
A recent study in June found that 76 per cent of mobile applications have security flaws, so choose the ones you download wisely.
If you’re really concerned, consider opting out from these apps completely.
Some experts have warned that hackers can steal your car via a smart kettle
5. Disconnect your car from your home hub
Having your car connected to your smart home hub can have its perks. For instance, driving home on a winter’s evening and being able to turn the heating on in your property from the driver’s seat so it’s nice and toasty when you walk through the front door.
However, experts have warned that some devices linked to home hubs – especially small devices in the house – have basic security systems that hackers can infiltrate and use to access other products, like your car, that are connected to the same hub device.
In an interview with This is Money, cyber-hack guru Tony Dyhouse, director of Trustworthy Software Initiative, warned: ‘If there is a path from the car to a smart hub linked to a variety of devices, there is also a path in the opposite direction.
‘That means there’s opportunity to hack any device within the entire network by using the signal as a portal.
‘The more devices you add results in an exponential increase in risk. Ultimately, someone online could unlock your car doors and start the engine by hacking into your smart kettle.’
6. Wipe your data before you sell the car
If you are selling your connected car and don’t want to leave your data exposed, go to your car’s infotainment unit and look in the Settings menu for controls to erase your account and data.
It’s a bit like restoring a phone to factory settings. Check your manual if you can’t find it easily on the unit itself.
When you drive it to the dealer, don’t reconnect your smartphone to the car, as otherwise you’ll leave trace information that hasn’t been deleted.
7. Revoke access from your phone so data can’t be accessed
Deleting the car’s app from your phone won’t be enough to remove your access. You need to break the link between you and the vehicle.
Again, you’ll need physical access to the infotainment system in order to trigger the master reset key.
Follow the instructions on the unit or check the manual to ensure your access is completely revoked before you sell it to the new owner.
8. If you’re buying a second-hand car, make sure it can’t be tracked by the previous keeper
Just as you think about mileage, service history and state of repair when buying a used car, you should also think about data.
When buying a car second-hand from a dealer or private seller, ask for evidence that all data has been removed and access rights revoked.
Then you won’t have to worry that the previous owner can still track, unlock or even drive away with your new car.
9. Beware: Rental and Car Club vehicles could also be storing your information if you connect your phone
Chances are that you have plugged in your phone in a rental and seen data on people who’ve used it. So be wary of connecting your phone to a rental or a vehicle from a car club.
It’s better to just use the infotainment unit, or solely rely on your smartphone.