Putting the Brakes on Connected Car Privacy and Security Risks

Data rules the world. It is estimated that 97 zettabytes of data will be created in 2022 alone, which equals 97 billion TB. But while corporate IT chiefs and regulators recognize the reality of the cyber risks this entails, few view the connected car as a potential driver of data security threats. They are wrong about that. In fact, data from increasingly tech-centric vehicles is being produced at a staggering rate, raising concerns about where it’s being shared – and how securely.

A data explosion

The connected car market is starting to accelerate. It is forecast to be worth nearly $192 billion by 2028, at a CAGR of 18%. Even vehicles that are not electric vehicles (EVs) now have a vast collection of microchips that control everything from in-car entertainment systems and heating to vital functions like braking and collision avoidance. The pandemic-era chip shortage has reportedly cost automakers (OEMs) tens of billions of dollars, underscoring the critical role these chips play in vehicles today.

But with more computing power comes more data, and lots of it. Today’s cars are more like a computer on wheels – or, more accurately, multiple computers. Intelligent sensors around the vehicle collect data – about temperature, oil level, speed, location, etc. – and send it back to the manufacturer’s servers and to a central “vehicle data hub”.

Both pose potential privacy risks, according to a report this year. Vehicle hubs are said to collect data from around the car – including connected smartphones – and offer it to third-party customers to help them develop products and generate insights. These organizations range from insurance companies and urban planners to advertisers, the report notes. It’s a vehicle data industry that appears set to be worth as much as $800 billion by 2030.

What are the risks?

The risk of all this activity is that, if the data is not properly aggregated or anonymized, third parties could combine it to create fairly detailed profiles of drivers, their movements and even their vital signs. For example, some cars offer heart rate monitoring from the driver’s seat. A more immediate risk lies with the OEMs themselves, which have access to a vast number of driver and vehicle data points and could therefore be a potential target for data thieves.

Automotive industry players operating in the EU would need to comply with the GDPR, and those in California would need to comply with the CCPA. That should make strong data encryption a must to prevent driver and vehicle data from falling into the wrong hands.

As vehicles evolve and add features designed to appeal to commuters, the risk of losing sensitive company data only increases. The industry is beginning to realize the importance of privacy in the connected car. Data-centric security will enable OEMs and other business stakeholders to take control.