Just over a week ago, the FBI and the National Highway Traffic Safety Administration (NHTSA) warned that the increased use of computers in motor vehicles poses an increasing risk for cyberattacks. If you’ve been following the explosive growth of Internet of Things (IoT) and connected devices, you’ve likely heard of these risks, but the FBI and NHTSA is now on record with their concerns. As their report states:
Motor vehicles contain an increasing number of computers in the form of electronic control units (ECUs). These ECUs control numerous vehicle functions from steering, braking, and acceleration, to the lights and windshield wipers. A wide range of vehicle components also have wireless capability: from keyless entry, ignition control, and tire pressure monitoring, to diagnostic, navigation, and entertainment systems. While manufacturers attempt to limit the interaction between vehicle systems, wireless communications, and diagnostic ports, these new connections to the vehicle architecture provide portals through which adversaries may be able to remotely attack the vehicle controls and systems. Third-party devices connected to the vehicle, for example through the diagnostics port, could also introduce vulnerabilities by providing connectivity where it did not exist previously.
A recent CIO article – Should You Worry that your Car will be Hacked – quoted Michela Menting, Digital Security Research Director at ABI Research on the need for automakers to enhance their R&D efforts around cybersecurity:
While cybersecurity is a mature and well-established discipline in the IT industry, the auto industry has been lax in applying similar practices. I do think the potential harm that can occur — notably in terms of human safety — is a critical element that will trigger investment and R&D by [vehicle makers] into offering cybersecurity solutions sooner rather than later.
Mobile Apps to Access
- Mobile App Unlocks Vehicle (Code Protection and SKB)
- Remote Start
- Status of Vehicle
- Authentication (Smartphone – Apple iOS, Android)
Operation of Car
- Over the air updates (OTA) & status
- Hacking into systems – threat to car manufacturer (Code Protection)
- Vehicle data – threat to user (Data Protection – SKB)
- Driving habits
- Apps Integrity (Code Protection)
- Media (Data Protection – SKB)
At the heart of all hacks, and lie exposed software and that’s one area that needs serious attention. The automotive industry today invests heavily both financially and time-wise in the development and deployment of software applications. These applications need to be secured to protect IP and reputation and is at the heart of robust connected car security.
Photo by Antti T. Nissinen.