Above: Android Auto. Image courtesy Google.
Cybersecurity expert Liudas Kanapienis of Ondato considers the possible implications of the newest Android gaming feature.
There are some major exciting updates from Google’s latest Pixel Feature Drop, focusing on AI-power enhancements and new security measures. However, one feature is raising a security concern: in-car gaming via Android Auto. While Google touts it as a way to keep passengers entertained while parked, an expert warns that it could become a new frontier for cybercriminals, putting driver safety and vehicle security at risk.
The growing concern of car hacking
As our vehicles become more connected with GPS, cloud-based integration, or the internet for infotainment systems, they unfortunately expose more vulnerabilities to cybercriminals. Cybersecurity experts have long warned that connected cars are susceptible to hacking, and the addition of in-car gaming only widens the attack surface.
It’s a pressing problem. “Entertainment features cannot come at the expense of cybersecurity, which will require cooperation from both the automakers and tech companies. While gaming in car seems harmless, this situation could provide more entry points for hackers to take advantage of,” Kanapienis says.
How in-car gaming could be exploited
Games running on Android Auto are not guaranteed to be fully separated from the critical vehicle system. Hackers can attack the vulnerability of the gaming interface, thus allowing them to access the vital car controls, including braking, acceleration, or even steering in some models.
Liudas Kanapienis. Photo via LinkedIn.
Gaming apps also need internet connectivity, meaning that remote attacks are possible. Kanapienis says, “If an attacker compromises an in-car gaming system, they could potentially gain access to the personal data, track the location, or install malware.”
In fact, security researchers have already proven numerous car hacks successful. In 2015, security experts Charlie Miller and Chris Valasek used the internet-connected entertainment system on a Jeep Cherokee and took over its steering, transmission, and brakes while it was in motion. In the same year, a security vulnerability in BMW’s Connected Drive system was found allowing researchers to imitate BMW servers and send remote unlocking instructions to vehicles.
Even Tesla, who pride themselves on their clean and secured software, was exposed to threats when participants at the Pwn2Own hacking contest opened the front trunk or door of a Tesla Model 3 while the car was in motion. These real incidents, where the car systems have already been successfully attacked through the entertainment and connectivity interfaces, verify certain aspects of the in-car gaming threats to security. If you don’t realize this system will become an issue, you should now.
Distractions behind the wheel
The problem is not only cybersecurity but driver distraction as well. Google limits gaming to parked vehicles, but this policy depends on drivers’ compliance. If such restrictions are subsequently relaxed in future iterations, it can result in dangerous situations wherein drivers are driven to play in motion.
According to a report by the National Highway Traffic Safety Administration (NHTSA), in 2022, 3,308 people lost their lives in motor vehicle crashes involving distracted drivers. This situation can easily escalate with the addition of screen-focused entertainment features in cars.
The development of in-car entertainment features must be security-centric, says Kanapienis. He advises, “Companies such as Google should set up strict cybersecurity standards, including intrusion detection systems, end-to-end encryption, and periodic security checks to prevent these features from becoming a vulnerability.”
The drivers’ security, whether from distraction or cyber threats, is the responsibility of automakers and tech companies. Entertainment features may also need to be regulated with stricter guidelines on how they can be interacted with in vehicle systems.
