The adoption of electric vehicles (EVs) in both Canada and the United States is rapidly growing, driven by increased government incentives, environmental awareness, and the advancement of battery technology. In Canada, there are now over 500,000 electric vehicles on the road, and this number is expected to continue rising sharply over the next few years. In the United States, electric vehicle ownership is even more substantial, with millions of EVs in use. This growing trend brings heightened attention to cybersecurity risks associated with EVs, especially as they are inherently more connected than traditional vehicles.
Electric vehicles depend heavily on internet connectivity for various functions such as over-the-air software updates, remote diagnostics, and smart driving features. While these advancements improve convenience, safety, and efficiency, they also expose vehicles to increased cybersecurity risks. Due to this reliance on connectivity, EVs face greater risks of being hacked compared to traditional internal combustion engine (ICE) vehicles. However, it is important to note that any modern vehicle equipped with internet-based systems is at risk of cyberattacks.
One significant method that hackers use to compromise electric vehicles is by exploiting vulnerabilities in their software systems. EVs typically have complex operating systems that manage everything from battery usage to autonomous driving capabilities. Hackers can search for flaws in these systems and, if successful, gain unauthorized access to critical vehicle functions, potentially affecting the vehicle's speed, steering, or braking.
Relay hacking is another prevalent technique, especially for stealing vehicles. This type of attack targets keyless entry systems, which are common in electric and modern vehicles. In a relay hack, attackers use signal amplification devices to extend the communication range between the vehicle and its key fob. This enables them to unlock and start the vehicle even when the key fob is located a considerable distance away, such as inside the owner’s home. These attacks can occur quickly and silently, often without triggering any alarms.
In Canada, relay hacking incidents have been reported in several urban areas, particularly in the Greater Toronto Area (GTA), Vancouver, and Montreal. In the GTA, multiple incidents have been linked to organized crime rings that target vehicles with keyless entry systems. These attackers use signal boosters to relay the communication between the key fob and the car, allowing them to steal high-end vehicles, including EVs, from driveways or parking lots. In Vancouver, reports of relay hacking have increased in recent years, with thieves using this method to target luxury vehicles, which often have more advanced keyless entry systems. Montreal has also seen a rise in this type of car theft, particularly in areas with higher concentrations of newer vehicles equipped with keyless entry systems.
In addition to relay hacking, there are other ways bad actors can compromise electric vehicles. For instance, they may intercept communication between a mobile app and the vehicle itself. Many EV owners use smartphone apps to control various aspects of their vehicle, such as locking and unlocking doors, starting the engine, or monitoring battery levels. If hackers can gain access to these apps through phishing, weak passwords, or vulnerabilities in the app's security, they can take control of the vehicle or even steal it.
Bridging vehicle remote control systems is another tactic hackers use. By breaking into the vehicle’s wireless communication network or app, bad actors can execute brute force attacks to manipulate vehicle functions or steal sensitive data. Furthermore, attackers may attempt to breach the telematics systems used in EVs, which manage data related to vehicle location, performance, and diagnostics, putting both the vehicle and the owner’s personal information at risk.
Despite these threats, automakers are investing heavily in securing their vehicles against such attacks. Regular software updates are essential to patch any vulnerabilities as they are discovered, and newer vehicles are increasingly being equipped with encryption and multi-factor authentication to enhance security. Additionally, EV owners can take steps to protect their vehicles, such as disabling keyless entry features when not in use, storing their key fobs in signal-blocking pouches, and using strong, unique passwords for vehicle apps.
While electric vehicles bring a wealth of innovative technology, they also introduce cybersecurity risks due to their connectivity. The rise in relay hacking, particularly in Canadian cities like Toronto, Vancouver, and Montreal, highlights the need for increased vigilance. However, all modern vehicles with internet-connected systems face similar risks, not just EVs. By understanding the methods hackers use and taking proactive steps, automakers and vehicle owners can mitigate the risks and protect against cyberattacks.
At BlueSky, we offer our clients unparalleled access to analyst-verified monitoring, actionable intelligence, and proactive insights into protests and potential disruptions in real-time. Our commitment is to deliver intelligence that is not only insightful but also deeply rooted in human expertise. We pride ourselves on delivering intelligence that is insightful and human-centric, because "Our best intelligence is not artificial."