DETROIT, Michigan. – Is your car safe from hackers? In a word…no. Greater awareness of the seriousness of car-hacking was raised over the past two weeks since two professional hackers – one of whom is a former National Security Agency employee – proved they could wirelessly hack into literally thousands of Fiat-Chrysler vehicles wirelessly and remotely take control of them.
As personal mobility and smart connectivity are combined, and driver assistance systems are careening towards fully autonomous vehicles, the issue of the day is now vehicle security. With the enormous amount of data pouring in and out of today’s car, you simply are not safe from hackers. Today there is no adequate security in place as vehicle connectivity becomes widespread and hackers have become emboldened to strike everything from government servers to corporate databases, and now even the private data embedded in your car.
With technological advances come bigger security headaches…and exponential risk. Not only is today’s vehicle itself more than 85% comprised of integrated software systems, so is the dizzying array of driver control choices: haptic-sensing feedback, multi-touch hand gestures, proximity sensing, natural speech recognition, smartphone-like display modules, car cameras, active park assist, adaptive cruise control, lane keeping technology…the list goes on and on.
The proliferation of software programs and systems that support these vehicle controls is not a new concern but, as complexity has grown over the past decade, so have crucial issues regarding consumer data security. In 2000, for example, a car had the power of 20 onboard computers utilizing 1 million lines of code. Today, there is the equivalent of 80 onboard computers and 100 million lines of code, with 500 million lines of code per vehicle likely by the end of this decade.
Onboard computers house a motorist’s confidential and personal data, and the automakers have a growing worry about the possibility of very private information being compromised. As the Washington Post reported last week, “Widespread hacks on cars and other connected devices are destined to come, as they already have to nearly everything else online. It’s just a question of when the right hacking skills end up in the hands of people with sufficient motives. Security experts detect disturbing echoes from previous eras of rapid innovation, notably the 1990s when the World Wide Web connected hundreds of millions of people to a thrilling new online universe. Warnings about looming dangers went unheeded until viruses and cyberattacks became commonplace a few years later.”
Vehicle hacking has become an everyday occurrence, and not just with one automaker. The Wall Street Journal reported that hackers proved they could manipulate a vehicle’s safety-critical mechanical functions from a laptop many miles away. “Two cybersecurity experts accessed a 2014 Jeep Cherokee’s computer brain through its Uconnect infotainment system and rewrote the firmware to plant their malicious code. The result? Hip-hop began blasting through the stereo system, the AC turned to maximum force. Then the hacker’s code killed the transmission and brakes.”
The National Highway Traffic Safety Administration (NHTSA) stepped in immediately and the outcome for Fiat Chrysler was damning, forcing the automaker to recall 1.4 million vehicles. NHTSA also notified FCA last week that they are formally launching an investigation regarding potential cyber-security flaws, affecting all automakers. Because of the dramatic growth of on-board computers in their vehicles, industry leaders Ford, Nissan and Toyota have expressed serious concerns and are seeking solutions to reduce likelihood of and vulnerability to hacking.
Solutions will not be achieved quickly or easily. According to accounting/consulting firm PwC, many public and private company Boards of Directors now take a very active interest in cybersecurity. “They want to know about current and evolving risks, as well as the organization’s security preparedness and response plans. Yet almost half of Boards still view cybersecurity as an IT matter, rather than an enterprise-wide risk issue.” No need to remind Fiat Chrysler executives or its Board of the worries or negative impact.
In large part the answer to car hacking problems lies at the engineering benches. Software patches and fixes are not enough. It is imperative that the OEM engineering teams design upfront applications that eliminate tampering even though today there is little incentive to make cars hack-proof. As car buyers look for cool new features, automakers must build security capabilities into the design beforehand. Additionally, engineers must be able to separate mission-critical and non-mission-critical systems so that the vehicle cannot be easily commandeered. Hacking infotainment is an annoyance and unacceptable, but taking over steering and braking is life-threatening. A government-sponsored, regulatory-based approach alone seems outdated.
The Washington Post paints a grim picture: “If a hacker-proof car was somehow designed today, it couldn’t reach dealerships until sometime in 2018, and experts say it would remain hacker-proof only for as long as its automaker kept providing regular updates for the underlying software — an expensive chore that manufacturers of connected devices often neglect. Replacing all of the vulnerable cars on the road would take decades more.”
With technology at the root of industry resurgence and profits, focusing on security measures seems like a drag on momentum. But, in order to build confidence and trust, the automakers must address these cyber-hacking threats and resolve them before they become an epidemic.
Phil Biggs is Executive Vice President for the Nashville, TN-based technology company, NeXovation.
Read more:
