Photo courtesy of Computer World
According to research from price comparison website, MoneySupermarket, 99 percent of drivers are unaware of the major digital hacking threats their car may face. Despite 110 car models being vulnerable to hacking, only 50 percent of drivers are concerned with the possibility of their vehicle being hacked.
There are two general types of hacking that can occur with your car. First, the theft of a vehicle via hacking of the keyless entry and ignition system. Second, hackers actually infiltrating a car’s systems and being able to control all aspects of the vehicle.
In the first scenario, hacking the keyless entry and ignition system would allow a hacker to steal your vehicle. From key jamming to phone phishing, the security flaws would allow these cybercriminals to exploit and attack your vehicle. From the aforementioned study by MoneySupermarket, 16 percent of drivers or someone they know has experienced car hacking. Another 79 percent admitted they don’t know whether their car insurance would cover hacking.
As for the second scenario, hackers are able to infiltrate a vehicle through a minor device, such as an infotainment system, then have complete control of the vehicle’s door locks, brakes, engine, or even semi-autonomous driving features. This exact scenario occurred back in 2015 in a hacking demonstration involving a Jeep Cherokee. The demonstration showed a Jeep Cherokee being hacked from a remote location and the hacker had access to essentially all aspects of the vehicle. As a response, Fiat Chrysler Automobiles had to send USB sticks with software patches to the owners of 1.4 million cars and trucks.
In last year’s The Fate of the Furious action movie, a large-scale vehicle hacking resulting in death and destruction was depicted. However, Joe Fabbre, a director with California-based Green Hills Software, which makes operating systems software for vehicles with a focus on security, doesn’t believe this scenario is too farfetched.
“There are very skilled hackers out there who can beat through a lot of medium and low levels of robustness in terms of security that is present in a lot of cars today,” Fabbre commented.
Automobile Industry Responding to Threats
The Jeep demonstration truly rocked the automobile industry in terms of cybersecurity back in 2015. Since then, automobile companies are responding to hacking threats that are present today. Similar to how computers and smartphones receive software updates, vehicles are gaining the ability to wirelessly download security patches. These over-the-air updates allow auto companies to respond to threats and newly discovered vulnerabilities much more quickly than having to direct customers to bring their vehicles to dealerships.
In 2016, Fiat Chrysler partnered with a San Francisco-based company to launch a “Bug Bounty Program.” The program pays so-called white hat hackers up to $1,500 each time they discover a vulnerability that was previously unknown in vehicle software.
Major automakers also created the Automotive Information Sharing and Analysis Center, known as Auto-ISAC, to research and discuss best practices for vehicle cybersecurity.
“It’s a concern that all of the (automakers) are addressing,” said Faye Francy, Auto-ISAC’s executive director. “They’re working at it and trying to share what they’re learning.”
Presently, there have been no reported real-life vehicle hacks that have resulted in crashes. Perhaps this could be because hackers haven’t figured out a way to turn the hack into a profit. With that being said, the potential danger of hacking could grow as autonomous vehicles are scheduled to hit the roads in the 2020s. Driverless cars will be communicating with each other via “Cellular-Vehicle-to-Everything” systems.
While cybersecurity experts believe the best way to stay ahead of the hackers is through regular over-the-air software updates, we all know that isn’t 100 percent effective as updates to computers don’t protect against cyberattacks.
It’s hard to say where the automobile industry is heading regarding cybersecurity as the idea is still in its infancy all things considered. Unfortunately, it’s going to take real-life, real-time hacks for automakers to truly understand how and in what way hackers are going to attack their vehicles.