1. Keep your vehicle’s software up to date. If you receive a notification about updating your vehicle’s software, verify that the update is legit (and not a phishing or malware scam) by contacting a local dealership or checking the manufacturer’s website. If you’re comfortable, you can install the software yourself (usually a USB drive containing the update is mailed to you), or you can make an appointment to have a dealership do it for you.
2. Check for vehicle recalls. Some vehicles have already been recalled due to vulnerabilities to hacking. If your car has been recalled, the manufacturer should send you a notification informing you of the issue and how to get it fixed at no cost. You also can check SaferCar.gov to see if your car has been recalled.
3. Don’t modify your vehicle’s software. Making modifications may affect the normal operation of your vehicle and introduce new vulnerabilities that could be exploited by an attacker.
4. Be careful about connecting third-party devices to your car. According to the PSA, “All modern vehicles feature a standardized diagnostics port, OBD-II, which provides some level of connectivity to the in-vehicle communication networks.” Normally, mechanics and technicians use this port to inspect your vehicle’s systems and emissions. But other devices, such as vehicle monitoring tools available to consumers, can also plug into the port. An attacker may be able to use these to access your car and data remotely.
5. Know who has access to your car. Just as you wouldn’t leave your computer or phone unlocked or with someone you didn’t trust, follow the same policy with your car.