'He's in our hearts': Family and friends still seek answers one year after Nathan Wise’s disappearance
It’s been a year since Nathan Wise went missing and his family is no closer to finding out what happened to him.
Blasting the heat with a remote sensor before you even get into your vehicle on a brisk winter morning is a welcome convenience. So are the comforts of lane assistance, voice command, Bluetooth and Wi-Fi.
But experts warn modern, connected vehicles, which are heavily packed with microchips and sophisticated software, can offer an open door to hackers.
These cars are vulnerable to hackers stealing sensitive information or even manipulating systems such as steering wheels and brakes, said Robert Falzon, head of engineering for Markham, Ont.-based cybersecurity solutions company Checkpoint Canada.
"Cars are tracking how fast you're going, where you're going, what your altitude is -- and all the different pieces of information are being calculated ... It's all computerized," he said.
"Unfortunately, security is not always the primary thought when these (features) are developed."
A global automotive cybersecurity report by Upstream shows remote attacks -- which rely on Wi-Fi, Bluetooth and connected networks -- have consistently outnumbered physical attacks, accounting for 85 per cent of all breaches between 2010 and 2021.
That proportion grew to 97 per cent of all attacks in 2022, the report said.
There's a growing concern about privacy breaches among connected cars, experts added.
"Let's say someone is driving on the highway and the doors get locked, the car speeds up and the (driver) gets a message asking for bitcoin or they'll crash the vehicle," said AJ Khan, founder of Vehiqilla Inc., a Windsor, Ont.-based company offering cybersecurity services for fleet cars.
"That scenario is possible right now."
Khan added any car that can connect to the internet, whether gas-powered or electric, could be at risk of hacking.
But electric vehicles are particularly vulnerable to cybersecurity thefts.
Researchers at Concordia University in Montreal found significant weaknesses in their 2022 study of public and private EV charging stations across Canada -- all of them connect to the internet. The study showed breaches could affect drivers, power stations and the power grid they are connected to.
"The reason why there are a lot of vulnerabilities is because vendors and operators are rushing to deploy the infrastructure to meet the demand," said Chadi Assi, information systems engineering professor and research chair at Concordia University.
"As a result, cybersecurity was an afterthought and it was not part of the design of the infrastructure," he added.
Assi explained an EV owner usually connects with the charging station through an easily accessible mobile app. But many of these third-party apps had security holes, the Concordia study found.
In 2022, the number of automotive application programs-related attacks accounted for 12 per cent of total incidents, despite advanced cybersecurity, the Upstream report shows. The trend was up by 380 per cent compared with 2021.
One such vulnerability, Assi said, is that the protocol used for communication between the cloud management system -- which processes payments, among other important functions -- and the charging stations may not be encrypted.
"If you're making payments (at a charging station), those and any private information you put can be transmitted in plain text," he said, making sensitive information susceptible to theft.
If a charging station is compromised, Assi said, a customer's private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery -- the most expensive part of an electric vehicle.
Electric vehicle charging station-related breaches accounted for four per cent of cyberattacks on connected cars in 2022, the Upstream report said.
"Another critical aspect of cybersecurity in this ecosystem is the power utility itself," Assi said.
If a hacker synchronizes multiple charging stations and turns the charging of cars on and off, the power grid could be destabilized, he explained.
Assi said these shortcomings were flagged to manufacturers last year.
An August 2021 global standard was established to guide automakers in managing cybersecurity, risks including electronic control units, software and various vulnerable points of attack such as Wi-Fi and Bluetooth.
Manufacturers are working to strengthen cybersecurity in vehicles, Khan said.
But even the cat-and-mouse race to outdo hackers fails when intruders manage to find one weak spot -- which may allow them access to other connected vehicles.
"Auto cybersecurity is a very new field," Khan said, adding the risk will persist with the ever-changing software potentially bringing newer vulnerabilities.
Still, the biggest challenge lies in the lack of awareness among consumers.
Khan said the auto industry is in a transitionary period.
Consumers will take time to adjust from "vehicles which never had connectivity or software to the (modern) vehicles with software that our lives have come to depend on," he said.
Khan suggested consumers ask car dealerships about the vehicle software and privacy protection from third-party apps.
"When you go to purchase a vehicle, you ask about safety features such as seatbelts and airbags," he said. "Similarly, ask about cybersecurity which is basically a health and safety issue."
Another best practice is to be aware of the software used in the vehicle and how it would impact its security if a third-party app is downloaded. Experts suggested drivers should also update vehicle software regularly to avoid cybersecurity attacks.
When selling a vehicle or using a fleet car, customers should be careful when connecting their phones because they may leave behind their data remnants.
Other best practices include avoiding connecting to public Wi-Fi and to not keep car keys close to the front door since thieves can use devices that capture a key fob's radio signal and extend the range to remotely start and steal vehicles.
Tim Burrows, producer of Canada Talks Electric Cars, has been driving electric vehicles for 10 years and says he never found himself thinking about cybersecurity until lately.
"Now that the software is actually 'driving the car', I find myself thinking more often about the potential for bad actors to hack into the network and damage or control the semi-autonomous operation of the vehicle," he said.
While he is aware that risk exists, it is not something he is deeply concerned about, he said.
"I suspect it might become a higher value 'target' for those wishing to cause harm," Burrows said. "Perhaps my attitude will change when autonomous vehicles go mainstream."
This report by The Canadian Press was first published Oct. 8, 2023.
It’s been a year since Nathan Wise went missing and his family is no closer to finding out what happened to him.
Dozens of Ontarians are expressing frustration in the province’s health-care system after their family doctors either dropped them as patients or threatened to after they sought urgent care elsewhere.
An Ottawa pizzeria is being recognized as one of the top 20 deep-dish pizzas in the world.
Amazon's paid subscription service provides free delivery for online shopping across Canada except for remote locations, the company said in an email. While customers in Iqaluit qualify for the offer, all other communities in Nunavut are excluded.
The fire burning near Fort McMurray grew from 25 hectares to 5,500 hectares over the weekend.
Russia’s President Vladimir Putin began a Cabinet shakeup on Sunday, proposing the replacement of Sergei Shoigu as defence minister as he begins his fifth term in office.
Police are searching for a male suspect after a man was “slashed in neck” on Sunday morning in downtown Toronto and died.
There were some scary moments for several people on a northern Ontario highway caught on video Thursday after a chain reaction following a truck fire.
Health Canada announced various product recalls this week, including electric adapters, armchairs, cannabis edibles and vehicle components.
English, history, entertainment, math and geography: high school trivia teams could be quizzed on any of it when they compete at the Reach for the Top Nationals in Ottawa in June.
An Ottawa pizzeria is being recognized as one of the top 20 deep-dish pizzas in the world.
A family of fifth generation farmers from Ituna, Sask. are trying to find answers after discovering several strange objects lying on their land.
A Listowel, Ont. man, drafted by the Hamilton Tigercats last week, is also getting looks from the NFL, despite only playing 27 games of football in his life.
The threat of zebra mussels has prompted the federal government to temporarily ban watercraft from a Manitoba lake popular with tourists.
A small Ajax dessert shop that recently received a glowing review from celebrity food critic Keith Lee is being forced to move after a zoning complaint was made following the social media influencer’s visit last month.
The Canada Science and Technology Museum is inviting visitors to explore their poop. A new exhibition opens at the Ottawa museum on Friday called, 'Oh Crap! Rethinking human waste.'
The Regina Police Service says it is the first in Saskatchewan and possibly Canada to implement new technology in its detention facility that will offer real-time monitoring of detainees’ vital health metrics.
Just as she had feared, a restaurant owner from eastern Quebec who visited Montreal had her SUV stolen, but says it was all thanks to the kindness of strangers on the internet — not the police — that she got it back.