As electronics and related code become more integrated into modern vehicles, we are reaching a point where they will require similar protection as smartphone, tablets and traditional computers. There is a real worry about hackers controlling vehicles in different scenarios such as having fun with the songs being played, downloading rogue apps, disabling the vehicles ignition, to overriding braking systems. Similar to the early days of the Internet, security has not received a great deal of attention to date from car manufacturers. Researchers have demonstrated in controlled experiments that vehicles can be controlled via the telematics systems at great distances and they have successfully embedded malware over wireless connections.
Modern smartcars in general are becoming more susceptible to electronic attacks which can be more effective than previous ‘slim jim’ type brute-force car opening attacks. In recent weeks, it has been disclosed that a £15 wireless device can be purchased online which amplifies a modern cars wireless entry system so that it the signal travels from the thief’s device to the owners keys up to 100 yards away allowing them access to the car and ability to drive away in seconds Finally, a risk associated with rolling out technology in smartcars as opposed to other platforms is the potential of distraction leading to accidents due to poor design or malfunctions. Technology experts outside of aviation and medical products tend not to follow stringent testing methodologies but lazily rely on fixing problems as they arise. Therefore a mis-configured service in a fast moving smartcar can lead to death. A number of factors may lead to change however. The motivation to build rigorous and secure systems should be there because it is quite possible that all involved in its design could be held liable if a defect caused or even contributed to a collision.
Vehicles have evolved to contain a complex network of as many as 100 independent computers, electronic control units (ECUs). ECUs perform a variety of functions such as measuring the oxygen present in exhaust fumes and adjusting the fuel/oxygen mixture improving efficiency and reducing pollutants. Gradually these ECUs have become integrated into nearly every aspect of a vehicle’s functioning, including steering, cruise control, air bag deployment and braking. In an article published in IEEE Spectrum, the authors stated that an “S-class Mercedes-Benz requires over 20 million lines of code alone” and “has nearly as many ECUs as the new Airbus A380 (excluding the plane’s in-flight entertainment system).” They estimated that vehicles will soon “require 200 million to 300 million lines of software code.” This more than anyone statistic must surely demonstrate the vulnerable nature of the 20th century vehicle. In addition, not only do these ECUs connect to each another but they now can connect to the Internet, making vehicle computers as vulnerable to the same digital dangers widely known among other networked devices: Trojans, viruses, denial-of-service attacks and more. It is quite common for new vehicles to have numerous connectivity modes such as through cell phone networks and to the Internet via systems including OnStar, Ford Sync and others. They have Bluetooth connectivity, short-range wireless access for key fobs and tyre pressure sensor. Some support satellite radio and they also have inputs for DVDs, CDs, iPads and USB devices.
One of the earlier hacking studies was done by the Center for Automotive Embedded Systems Security, the Washington team which was able to bring a wide range of systems under external control, such as the engine, brakes, locks, instrument panel, radio and its display. The attackers posted messages, initiated annoying sounds and even left the driver powerless to control radio volume. They also attacked the Instrument Panel Cluster/Driver Information Center displaying cheeky messages and altered the fuel gauge and speedometer readings, adjusted panel illumination. Subsequent hacks took over the Engine Control Module which lead to uncontrollable engine revving, readout errors and complete disabling of the engine. Lately Chrysler jeeps have been hacked from many miles away. The almost universal controller area network bus on vehicles – known as the CAN bus makes such breaches possible. All modern vehicles possess ‘On-Board Diagnostics’ port which allow mechanics to diagnose faults and retrieve information on the vehicle’s performance and in some cases change aspects such as the timing of the engine. This is becoming the main access point for hackers as everything can be changed using this port. Yes, important aspects such as the speed control, steering and brakes are all located on a separate vehicle network, there is still interconnectivity between both vehicle network backbones so that a breach in one can cause havoc in the other. It is presently still a difficult system to breach but as more and more exploits get shared on the Internet, there is much cause for worry. The vehicle mobile phone hardware providing a connection to the on-board computer system is also vulnerable to malware being installed which could allow a thief to unlock the car remotely and steal it. This is serious as is already talks of an app store for vehicle apps.
At this time, the biggest fear the driverless community have is an early autonomous or connected-vehicle traffic crash as it could prove to be calamitous. Bad publicity is a real risk for the deployment of innovative automotive technology and lately a poorly sourced news article made the rounds claiming that one driverless car had cut another driverless car of in traffic. The headlines wrote themselves but the truth of the matter really did not back the originating claimant. Of course when Antilock Braking Systems (ABS) were first introduced, negative publicity and poor consumer education delayed mass-market adoption. Similarly, when Electronic Stability Control (ESC) systems were rolled out, consumers did not fully understand how to make use of the technology. On the road, however, these systems delivered a clear, quantifiable reduction in fatalities. Once consumers understood how these systems worked, widespread adoption of ABS and more effective use of ESC followed.
Driverless cars will also inevitably generate large amounts of data. This will be useful for many future uses such as crowdsourcing optimal routes or personal location based services however this can also lead to privacy concerns. Whether it is your insurance company, the automaker, or your local dealer, or even local law enforcement, all could have yet another means to track your every coming and going. Hackers may target this personal mobility data so as to capture data, modify records, instigate attacks on systems and/or tracking individual vehicles. We may also see denial of service attacks on vehicles. The possibilities are the core material in sci-fi movies.
The key to preventing these forms of privacy attacks are to remove identifying information and suppress data. Encryption of course must be used and where possible tamper-proof hardware and enforce user-defined privacy policies. The success of driverless cars depends in part on resolving the conflicts in privacy concerns between the stakeholders who will make decisions about how information is collected, archived, and distributed. What is to stop governments spying on their citizens or foreign governments and terrorist groups tracking individuals through their vehicles. Proof of concept hacks have shown how to listen in on vehicle conversations through the in-built Bluetooth hands-free system. This would reveal many secrets to interested parties. Some early prototypes are beginning to communicate with the grid, the cloud and other vehicles. It will not be long until smartcars by default will likely keep an activity log for service and debugging.
Security for vehicles as in other sectors can be one of the areas in which cost savings can be made. There is always a rush to market and to date of course, most hacks have been primarily theoretical. This and other factors has led to security not receiving a great deal of attention to date from manufacturers. Even if functions such as the speed control, steering and brakes are all located on a separate vehicle network, there can still be interconnectivity between both vehicle network backbones so that a breach in one might cause malfunctioning in the other. A risk associated with rolling out technology in vehicles as opposed to other platforms e.g. homes, offices is the potential of distraction leading to accidents due to poor design or malfunctions in the new product. Technology experts outside of aviation and medical products tend not to follow stringent testing methodologies but lazily rely on fixing problems as they arise.
Vehicle ‘operating system’ security currently resides with the manufacturers (i.e. you cannot install McAfee or Norton anti-virus) but it is advisable to familiarise oneself with aspects such as the remote shutdown feature. For instance, who and what can cause that system to shut the car down. Also, one should be careful when installing third-party electronic accessories as they may not be as rigorously designed as an original manufacturer feature. If you are extra paranoid, you may want to restrict access to the OBD-II diagnostic port. This is a key diagnostic port used by service mechanics but it is also a key attack vector to upload malicious code.
Crucial components of the future will be the mobile networks, ad hoc (car to car) networks, vehicles to/from road sensors and satellite communications. We can expect a significant portion of the Internet to be consumed by vehicle communications. In the future, all smartcars will have network connectivity. It will possibly become part of the national MOT – that your 4g/wifi is active & working – otherwise you could be fail. This will allow them to receive firmware/software updates and synchronisation over the local home/network of music, GPS data etc. It is only a small step for much of the telemetry data associated with that vehicle to also be uploaded so as to allow a city to optimise traffic management. Therefore, not only will it be important to keep our communication gadgets updated but it will also be as important to keep our driverless cars updated to the latest OS rollout. Already, the most impressive car hack on the Chrysler was done due to a weakness in the mobile network connectivity service.
A saving grace for now is there are not many motivations to stealing vehicles via a sophisticated hack because of the complexity involved and sophisticated tools needed. It is still easier to use a Slim Jim. However that will change in the days ahead and vehicle manufacturers and telematics installers need to concentrate on all the vulnerable entry points and insert firewalls to restrict access to integrated systems such as the mobile communications service, radio and music system and on-board diagnostics port. They urgently need to update the security of automotive computer systems starting yesterday.