Fact vs fiction: in an era of endless news sources and click-baiting, it’s ever harder to decipher which you should place your trust in. It’s an issue that pervades just about every aspect of society, including that surrounding autonomous cars. Should we worry that our vehicles be subject to hacking at every turn?
A recent article in the trade journal scmagazine.com by Sergey Zorin, head of transportation system security at Kaspersky Lab (with offices in Dublin) is enlightening. We’re told that just about every major component of a modern car – such as the engine, steering, brakes and so on – is controlled by technology and linked to an onboard network. As a result, there are lots of concerns and myths around the future of smart vehicles. The author determines the following fact from fiction:
- Fact: Cybercriminals can track me once they hack my connected car
Software can track the car, regardless of the location. In modern cars, there are video and audio interfaces for voice and gesture control, for instance, so there are several microphones and cameras, as well as built-in telematic modules with eSIM on board. Thus, they can be used to track, listen and watch what is happening inside the car.
- Fiction: Cybercriminals can use a car’s connectivity to hijack my vehicle
Connectivity is an extra risk that has recently appeared in cars and some real-life hacks have already been seen. The Jeep is a good example of that – hackers were able to take full control of the car while being thousands of miles away. However, the security and safety of smart vehicles consist of multi-layered, multi-staged protection measures that won’t easily let hackers hijack your car, at least for now.
- Fact: Cybercriminals can hack my car in order to exploit or sell my personal data
Connected vehicles will quickly generate and process more and more data – about the vehicle, but also about journeys and even personal data on the occupants. In 2018, this will be of growing appeal to attackers looking to sell the data on the black market or use it for extortion and blackmail. Car manufacturers are already under pressure from marketing companies eager to gain legitimate access to passenger and journey data for location-based advertising.
- Fiction: The nature of the automotive industry makes vulnerability issues so relevant
Vulnerabilities have indeed been introduced through a lack of manufacturer attention or expertise, combined with competitive pressures. The range of connected mobility services being launched will continue to rise, as will the number of suppliers developing and delivering them. This ever-growing supply (and the likelihood of products/suppliers being of variable quality), coupled with a fiercely competitive marketplace could lead to security shortcuts or gaps that provide an easy route for attackers. However, this is not an issue of the automotive industry – we see similar challenges in mobile, computing and IoT markets.
- Fact: Malicious software can affect not only smart cars but also smart traffic and cities
Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication is getting more and more popular. Essentially, daily and routine things like traffic lights or information messages on what is happening on the road could be hacked.
- Fact: Cybercriminals can use a car’s infection for money extortion
“Ransomware” can encrypt software components, meaning it won’t move without paying a ransom.
The author concludes that automotive manufacturers must make security a priority, integrating security by design as standard. “Defensive software solutions could be installed locally on individual electrical components— for instance, the brakes — to reinforce them against attacks.” Beyond this, a solution is needed to protect all components that are externally connected to the Internet.