(Bloomberg) -- Hackers can already take control of a car. And asvehicles become rolling shopping malls, cybercriminals will have anopportunity to snatch your identity, too.

Eager for a cut of drivers’ purchases of fast food, gas andmore, automakers have big plans to bring e-commerce to thedashboard. Ford Motor Co. already has an app that lets driversdictate an order to Domino’s Pizza using voice controls and asmartphone. General Motors Co. this year began offeringAtYourService, which alerts drivers to deals at Dunkin’ Donuts orlets them book a hotel room on Priceline.com using voice commands.By 2020, as many as 40 percent of new vehicles sold worldwide willlet drivers shop from behind the wheel, predicts Thilo Koslowski,vice president of the auto practice at Gartner.

By 2022, 82.5M autos will be connected to theInternet

Connected cars present a rich target, akin to retailers orbanks, where hackers can troll for credit card numbers, homeaddresses, e-mail information and all the other personal detailsrequired for identity theft.

“Today the motivation for hacking a car is mischief, with anobjective of hurting people or car companies,” Koslowski said. Oncedrivers can shop with impunity as they roll down the highway, “thecar will definitely be viewed as a vulnerable device.”

Most cars sold today lack the technology for drivers to pay foritems they purchase (unless they use a smartphone). But by 2022,82.5 million autos worldwide will be connected to the Internet,more than triple the number now, according to researcher IHSAutomotive. In the next two to five years, “buy buttons” connectedto smartphone mobile wallets will start appearing on dashboards,according to Richard Crone, who runs payment adviser CroneConsulting LLC. That means motorists will soon be able to buy apizza, fill up the tank or preorder a half caf skinny macchiatofrom Starbucks without pulling out their phone.

Banking app for cars on its way

Banks and credit card companies are looking to pile in. Visa hasdeveloped an app for the dashboard or smartphone that enables thecar to automatically purchase gasoline, parking and fast food.Commercial deployments will be announced in the next three to sixmonths. FIS, a payment technology company, is developing a bankingapp for cars that will let drivers pay bills or check balances.

Commuters want to be constantly connected, and shopping from thesteering wheel is the next logical step, said Phil Abram, chiefinfotainment officer of GM’s OnStar system, a blue button on therearview mirror that links drivers to a live attendant.

“Over 3 million times a year, somebody pushes the blue button ina car and asks for directions to a hotel or to ask ‘Where is acoffee shop or gas station?”’ Abram said in an interview. “Theroots of this are in what customers want.”

But automakers this summer have proven easy targets for hackers.Two security experts hacked into a Jeep Cherokee’s infotainmentsystem in July to take control of the engine and transmission as an18-wheeler was bearing down on it. OnStar also was hacked when asecurity researcher used a small device hidden on a 2013 ChevroletVolt to take control of GM’s RemoteLink app, which allowed him tounlock the car and start its engine.

“This has been a bit of a blind spot for automakers,” MarkBoyadjis, a technology analyst for IHS, said of cars’ vulnerabilityto hacking.

The Jeep hack forced parent company Fiat Chrysler Automobiles NVto recall 1.4 million vehicles and ask wireless partner SprintCorp. to issue a temporary fix over its network. GM worked with the“white hat” hacker to come up with a software patch for RemoteLinkwithin 24 hours, Abram said. Early services like Ford’s Domino’sapp don’t put a driver’s credit card information at risk becausethat data is stored in the smartphone, the automaker said. Visa’sin-car payments will use a randomly generated digital “token”rather than the credit card number.

Opening dashboards to apps will invitethieves

Hackers bent on identity theft are expected to infiltrate carsthrough the entertainment portal, as the Jeep hackers did, ormarket malicious apps that appear harmless or even helpful, butactually steal personal information. Opening the dashboard to appsfrom third parties will invite thieves along for the ride, saidRyan Smith, chief scientist for Optiv, a cybersecurity company thatconsults with automakers.

“When payment systems come online inside of cars, it will be anattack surface that attackers will start looking at and poking at,”said Smith, who has worked with Charlie Miller and Chris Valasek,the men behind the Jeep hack. “You’re going to see the entirespectrum of fraud inside these vehicles.”

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.