1
Unauthorised control of the vehicle
The biggest fear and gravest risk associated with any vehicle with a degree of automated control must be control of the vehicle by unauthorised actors or compromised systems. A vehicle is, effectively, a lethal weapon, so the possibility of one being used by a malicious actor is worrisome.
It sounds like something out of a science fiction horror story but, in fact, there are numerous examples of hackers taking control of vehicles. In 2019, researchers hacked into Tesla vehicles and were able to unlock doors, open windows and disable security settings. Tesla isn’t the only manufacturer to be vulnerable to this type of attack. Mercedes-Benz, Ferrari and the vehicle systems GoldStar and OneStar have all proved to be vulnerable to this type of attack. In the latter case, the hackers were able to take control of law enforcement vehicles.
Against this type of attack, the onus lies firmly with the manufacturer to ensure that the right level of cyber security measures are in place and cyber security vulnerabilities are proactively sought out and addressed.
2
Data privacy
An electric vehicle stores a great deal of information of a personal nature. Vehicle telematics produce data on the location and operation of the vehicle, as well as sudden acceleration and braking and trip histories. GPS navigation systems also record trip histories and info-entertainment systems understand the drivers’ voice commands and entertainment and music choices. The data collected by these systems includes personally identifiable information, which creates privacy and cyber security concerns. If hacked, such data could cause serious privacy issues.
3
Facial recognition software presents an even greater privacy risk
In some electric car models, facial recognition software is used as part of the vehicle’s autopilot systems. An in-car camera is used to capture biometric data and monitors facial and eye movement to measure the driver’s attention levels. In 2023, a class action lawsuit was filed in the USA against Tesla for violating the Biometric Privacy Act. The complainants argue that the loss, theft or misuse of facial recognition data is far more intrusive than another type of data breach. Unlike a computer password, individuals can’t change their facial geometry. While the case is expected to set a precedent in the USA about the ramifications of misusing drivers’ data, it also highlights the need for exceptional data privacy and strong cyber security in electric cars which rely on facial recognition software and their supporting systems.