Over the past three or four years, Internet-connected vehicles have become the norm. Accordingly, cybercrooks have turned their attention to cars and trucks, looking for ways to gain access to vehicular navigational systems and to hack into drivers’ smart phones and iPads. Last year, recognizing the ever-increasing potential for breaches, automakers in the United States joined forces to battle the threat, tapping the expertise of some of the nation’s leading Internet security experts. Here’s an update on what these efforts have yielded.
- Self-driving vehicles have opened up a whole new area of concern. White-hat hackers have shown – in controlled situations – how vehicles could be hijacked to harm their occupants or generate mayhem on a busy highway. These security specialists have demonstrated how vehicles – especially the new breed of semi-autonomous or driverless vehicles – might be tracked and manipulated remotely by cybercrooks. The demonstrations have shown how cybercrooks could take control of a vehicle’s headlights, navigation, speed, windshield wipers, blinkers and radio. In some instances, hackers can remotely take control of brakes and/or steering.
- So far, no vehicle has been hacked into by a cybercriminal, but security experts and researchers have shown automakers how it could happen, and car manufacturers have taken the threat seriously. Cars with advanced connectivity – which includes prototype driverless or semi-autonomous vehicles – are potentially more vulnerable. Twenty years ago, the average car had about 1 million lines of code; today, cars can have 10 million lines of code, or about as much as a modern aircraft. Automakers have already felt the financial sting of this new cyberthreat. Major manufacturers are busy recruiting white-hat hackers to identify potential issues. For example, Fiat Chrysler recalled 1.4 million Jeep Cherokees after white-hat hackers exposed vulnerabilities in the vehicle’s IT circuitry.
- There is strength in industrywide initiatives. Nearly all automakers based in the United States banded together last year in an industrywide effort – the Automotive Information Sharing and Analysis Center – to develop best practices to combat potential cyberthreats, to develop secure hardware and software, and to draw up guidelines on how to respond to hacking incidents. The industry group’s membership is responsible for about 98 percent of the vehicles on U.S. roads.
- The challenge to strengthen cybersecurity in vehicles extends beyond car manufacturers. The notable gig economy transport company, Uber, as well as Didi, a Chinese company like Uber, have both been on the forefront of research to develop safer software and hardware and uncover potential security issues. The possible motivations for hackers to hijack vehicles are many and go beyond compromising highway safety. Smart phones and/or other portable computers that are linked to vehicles’ dashboard technology also present a potential entry point into other data centers housing confidential business and personal data.
Savvy consumers will recognize that the vehicles we drive are now a big part of the Internet of Things, and will take measures to shore up security on any personal devices they connect to their dashboards. Automakers will need to be constantly proactive to identify vulnerabilities in computers installed in new model vehicles.