Cybersecurity expert Selva Orejón: "The first thing drivers should do is turn off Bluetooth and Wi-Fi when not in use; they're a gateway for cybercriminals."

The increasing connectivity of vehicles is one of the most notable trends in the mobility sector. Today, cars have ceased to be mere means of transportation and have become interconnected devices capable of exchanging information in real time . However, as cybersecurity expert Selva Orejón points out, this technological advancement, with all the advantages it offers, has also opened new doors for cybercriminals.

“Connected cars can be vulnerable, and in the hands of criminals, this vulnerability can be exploited to access sensitive information or even control aspects of the vehicle,” warns Orejón, founder and director of the cyber investigation and digital reputation agency OnBranding.

Although we might think that only the most modern models are susceptible to these risks, the reality is that most current vehicles can also connect to the internet, either through factory-installed technology or via a smartphone. Therefore, any connected car is exposed to potential cyberattacks if adequate security measures are not implemented.

As Orejón explains, connected cars are equipped with a SIM card that allows interconnection with various systems, allowing, for example, the vehicle to communicate with the dealership to report irregularities in the tire or brake sensors. But if these systems are compromised, the risks increase considerably. "These systems can be exploited to obtain information about geographic locations, access to contacts, and even details of how the vehicle is used, which represents a significant threat to user privacy," Orejón warns.

The danger isn't limited to newer vehicles. In fact, some older models also have vulnerabilities, especially if they're connected via smartphone apps. According to Orejón, "if a cybercriminal accesses a connected vehicle's app, they can monitor the driver's behavior, routes, and even driving style in real time." This intrusion would be like having a spy inside the car without the user realizing it.

Furthermore, the vulnerability of connected cars can also endanger the safety of passengers. As has happened in cases of remote vehicle theft through frequency cloning, the possibility of manipulating a vehicle by remote control could extend to much more serious cases if it is a vehicle with autonomous or semi-autonomous driving systems . Here, the risk would not only be access to data, but also the possibility of endangering the safety of the passenger.

Selva Orejón agrees that "we should all be aware of the risks and adopt security measures at both the individual and corporate levels." The expert emphasizes that cybersecurity is not only in the hands of manufacturers or connectivity services, but also depends on the precautions each user adopts.

“One of the first things every driver should do is disable Bluetooth and Wi-Fi when not in use. While these technologies are very convenient, they also provide a shortcut for cybercriminals if left on when the car is parked,” explains Orejón. “The same goes for mobile apps. If your vehicle is connected to an app, make sure you don't leave the app logged in or connected to the car, as this is an easy entry point for hackers, especially if you leave a laptop in the car.”

Orejón also emphasizes the importance of protecting electronic car keys. There are systems that act like a Faraday cage , which are small bags or cases designed to block radio signals. By placing the keys inside, you can prevent thieves from cloning them, and you're protecting the vehicle. Some people choose to wrap them in aluminum foil , which can also help mitigate risks.

But one of the most striking cases Orejón mentions is the remote theft of Honda motorcycles through frequency cloning. “A couple of years ago, we had a case of some clients whose Honda motorcycle was stolen with an electronic key that allowed, through a device, the frequency to be cloned and used up to 30 times,” says Orejón. “The Flipper Zero device, or similar devices, was able to capture that frequency, store it, and with that, the criminals took control of the motorcycle. This type of vulnerability also occurs in cars, and it can be very easy for a thief to gain access to a vehicle with only the right equipment.”

According to the expert, this type of theft doesn't only affect individual vehicles . "In some cases, thieves use these same techniques to steal cars parked in shopping center or airport parking lots, and then transport them to other countries to sell them or extract spare parts ." Orejón points out that these crimes aren't random. Criminals are often aware of the technological vulnerabilities of the vehicle and the parking lot. "Having Bluetooth or Wi-Fi enabled can be the key for a thief to know if the car is vulnerable or to detect electronic devices inside."

To combat these risks, the cybersecurity expert also suggests that companies implement stricter corporate policies. “At our agency, we only use corporate emails and company phone lines to manage vehicles. All services must be properly authorized and protocolized, including access to parking,” concludes Selva Orejón.