When a reporter for Wired magazine took his car for a high-speed spin, he became part of a research project that caused a tremendous stir in the auto industry.
Working as a willing participant in a car-hacking experiment, he agreed to surrender control of his vehicle to a pair of hackers. As he drove 70 miles an hour on the edge of downtown St. Louis, the hackers wirelessly took control of the steering, brakes, transmission and dashboard functions – all by accessing the vehicle’s entertainment center.
The following month, hackers found a way to override the operating system of a relatively new electric car model, giving them remote access to the vehicle. (The car maker quickly released a patch to eliminate the problem.)
As cars become more connected and rely more heavily on software for operations, questions are being raised about how to secure the car of the future. In a world that’s become accustomed to computer hackers, bugs and viruses, specific instances of such problems afflicting cars as they’re barreling down the road have drawn attention to the vulnerabilities of connected cars.
“We have already seen a number of ways cars have been hacked,” says Magnus Lundgren of the threat intelligence company Recorded Future. Through such things as a radio unit or an automaker’s mobile phone app, hackers can gain access to the vehicle. “As more partners get access to the vehicle, the more potential opportunities there are to get past the security systems.”
In other words, as cars are more connected, there are more ways to infiltrate their systems.
Securing the future
Last year, two senators introduced legislation that would require carmakers to meet specific standards of protection against digital attacks. Such a move would require the National Highway Safety and Transportation Administration and the Federal Trade Commission to develop new standards for car manufacturers to meet. Although the measure has failed to gain sufficient traction, it shows that the mindset toward how to protect drivers is shifting.
“The fact that cars are getting more and more sophisticated is making them both more and less safe,” says Scott Donnelly, senior intelligence analyst at Recorded Future. “On the one hand, it will be easier to monitor your car when it is connected, but on the other hand, you will be able to connect and potentially do more harm remotely.”
The key, he says, lies in automakers’ ability to develop a well-planned security architecture and in motorists knowing in advance how manufacturers will manage security upgrades through the car’s lifetime. Automakers will also need to become more vigilant about observing the tactics and techniques hackers use and monitoring how they change.
It sounds like the stuff that spy movies are made of, and Donnelly and Lundgren acknowledge that the threat of cyberattacks on connected cars is very real. However, for average consumers, it will make very little difference in how they use their vehicles, and neither man sees this as an issue of national security.
“Most hacking is done by cyber criminals who do it for financial gain, and we believe that is what you will see when it comes to cars as well,” says Lundgren, citing such criminal gambits as ransomware, a type of malware that locks a computer or encrypts user data until the hacker is paid.
“That’s a very likely threat to future cars,” Lundgren says.
But as hackers continue to refine their skills, automakers will step up their security game as well.
“Carmakers and those operating fleets of cars will likely need to monitor for threats to their technology and the likely rise of third-party applications for connected vehicles,” Donnelly says.
On the other hand, Donnelly adds, for all the risks, connected cars come with plenty of benefits.
“In general, the more connected cars are, the harder they will be to steal,” he says. “It will require an even higher skill set to steal a car and, most likely, we’ll see the number of car thefts go down.”