Until about 18 months ago, carmakers generally downplayed the threat of a hack attack on the increasingly sophisticated systems found on-board a modern automobile. Cars were difficult to hack, according to carmakers, and they actually seemed surprised when some researchers actually did it.
It turns out the cars are far easier to hack that the carmakers have ever admitted and the spotlight is now shining on their vulnerability as highlighted recently on the CBS news program “60 Minutes,” a contentious report from the staff of Massachusetts Senator Edward Markey and the move by BMW to send out a security patch to some 2.2 million vehicles with connectivity systems.
In fact, Andrew Brown, the chief technology officer at Delphi Corp., said during a discussion on automotive cyber security organized by Center for Automotive Research in Ann Arbor, Michigan, that Delphi actually invited a small group of Black Hat hackers to put on a demonstration for carmakers and their suppliers last summer.
One of the demonstrations was conducted by a 14-year-old computer whiz, who used a handful of components he bought at Radio Shack for less than $20 to break into a vehicle’s system, Brown noted.
Carmakers have been protected from hacking up until now because the “malicious” hackers have bigger and better targets, said Anuja Sonalker, a cyber security expert from the Battelle, a private research institute based in Columbus, Ohio.
Hacking into one car doesn’t accomplish much for a hacker, she said. It’s more likely they would use a car as the “springboard” into a larger target, such as computers and servers used by police officers or financial institutions.
The panelists also noted there are dozens of ways for hackers to reach into a car’s operating system. Connectivity and Wi-Fi systems are one way, but UBS ports and radio signals offer other avenues.
(Millions of cars vulnerable to hackers, warns report. For more, Click Here.)
The good news for automakers is that there plenty of standards developed in other industries, notably the aerospace industry, where cyber security is fundamental issue in engineering systems, have basic standards that could transfer to the automobile business, according Brett Hillhouse, an engineering executive at IBM.
(Click Here for details about BMW’s move to block hackers.)
Up until now, carmakers have attacked the cyber security on piecemeal basis; however, a more systematic and all-encompassing approach is required. Every time carmakers add an electronic feature, such as keyless entry, you create portal for potential hackers, Hillhouse told the session.
But the security issues were rarely addressed and never in any kind of comprehensive fashion.
(To see more about why security experts believe todays cars are too easy to hack, Click Here.)
Shawn Slusser, vice president of automotive business at Infineon Technologies, said fortunately solutions are within reach as chipmakers have already developed security chips for use on systems, such as credit cards. Such systems can be applied in automobiles but they probably have to be included fairly early in the development cycles, which are still rather long.