Cars have come a long way since their inception as steam-belching contraptions to modern electronic performance machines. With over a century spent on the streets, cars have now turned into just another gadget. It is this transformation that makes them vulnerable to cyber-attacks, much like connected and networked devices.
How dangerous is it to own a modern, highly electronic car in today’s times? How serious can cyber-attacks get for owners and the machines themselves? And finally, can a malicious force take over the entire car, possibly endangering occupants or fellow road users?
At the pace with which technology is progressing, cars of today can already be unlocked, started, and in some cases, driven remotely. However, the risks run deeper than that. Many cars are GPS-equipped, allowing infiltrators to track specific vehicles in real time. A car’s anti-theft mechanism is also be disabled remotely. The important part is that one does need technical knowledge of the car, or doesn’t even need to hack it in order to do such damage.
Cars of the future will be inextricably connected to each other and a central ecosystem. This could lead to cyber attackers gaining access to the all-connected automotive ecosystem itself.
Many of today’s cars have a smartphone app that remotely monitors or controls their vehicle. The app is a hacker’s entry point into the car’s control systems. Hacking a car requires a deep understanding of the car’s systems and access to information specific to the make and model. Gaining entry into a smartphone app is much easier. Presently, controlling a vehicle’s throttle, steering, and braking needs physical access to the car itself, making them safer than perceived to be.
There are a lot of electronic systems, sometimes controlled by multiple computers, that work cohesively to accomplish certain tasks. While this might seem to increase the risk of a car getting hacked, the point to consider is how accessible a system is. A successful attack is not enough. It needs to be scalable and easy to deploy. This usually means taking the remote access route via a wireless interface. If the interface is connected to the web, then the vehicle can easily be targeted.
Future cars will be more connected than before. Why, even present cars come with an internal modem which always keeps them connected to the internet. With the onset of V2V and V2X ecosystems, it is crucial for carmakers to rethink their security strategy. Instead of just firewalling existing software, it is necessary to protect software components from reverse engineering and modifications. Better separation needs to be established between different sub-components to contain breaches, and monitor and identify attacks in real time.
Fully autonomous cars could be at an enormous rusk owing to the absence of the human element monitoring their digital health.
Currently, almost all the cars rolling off assembly lines the world over are equipped with either Android Auto or Apple CarPlay. Such software does increase the attack surface of a vehicle, despite adding a lot of conveniences for occupants. Carmakers rely solely on the internal security of Apple and Android software components. They need to implement firewalls within the car to make sure that a peripheral system’s pitfalls do not affect the vehicle directly.
Of course, most global car manufacturing firms have set up product security teams. These teams not only look at vehicle perimeter from a security point of view, but also the levels of protection of the car’s extensions, such as smartphone apps and cloud services.
Automotive cyber crimes don’t make the headlines as of now, but the number of such incidences is on the rise. Carmakers are putting in serious research and a lot of coin in the fight against cyber-attacks, but even they can’t predict every eventuality. This is why the research does not always translate to direct or precisely targeted actions. Automotive manufacturers are not always aware of all the risks and do not necessarily strengthen security loopholes based on the risk level.
Consumers need to be aware and pursue a line of inquiry when it comes to assessing a car's digital safety.
While cyber-attacks and countermeasures are played out on a different entirely, we as consumers can also contribute to our cars’ digital integrity. Much the same way we assess a car’s safety rating, reliability, and specifications, equal attention must be paid to its cyber security.
Presently, there are no scales to ratify a car’s cyber security, and consumers do not possess the tools to examine the security level of the car they buy. As more and more consumers start demanding finer details of cyber security, more manufacturers will pay acknowledge the risks.
The automotive market has been notoriously slow when it comes to implementing occupant safety measures in products. Hopefully, global firms will see cyber security as a valid concern and make timely updates and additions to their products to ward off over-the-air threats.