With cars loading up on computing power, wi-fi and other pieces of 21st century connected technology, automakers have been reluctant to speak about the hack attacks similar to those that have cribbed credit card information of millions of Americans that happened to go through the check-out lines at Target and Home Depot.
But a panel on cyber security organized by the Connected Car Expo, which was held this week prior to the press days of the Los Angeles Auto Show, emphasized the threat is genuine.
In the era of the connected car, hacking a vehicle can take place any number of ways from penetrating the “Cloud” where data is stored, to the connection between the car and the cloud and through the vehicle itself, panelists noted.
Assured Information Security’s Karl Heimer suggested there were no guarantees right now that someone cannot go through the security of a vehicle. Security is a critical issue for carmakers as the use of technology continues to grow.
There is no doubt there are hackers actively working to get around the security measures employed by car makers, according to Chris Valaskek, director of Vehicle Security Research for IOActive, who noted that cars today have of areas in which the lines of code, which have multiplied exponentially over the last two decades, that hackers can exploit.
Vasalek and a co-worker actually did succeed in taking over the braking and steering system of a Ford Escape and Toyota Prius. Last year, they took their research a step further by downloading the mechanics manuals of various vehicles and zeroing in on potential avenues of attack for hackers. But they did not actually hack into any vehicles, though in their research they identified more than two dozen different vehicles that could be target successfully by hackers.
“We’re not trying to extort anybody,” said Vasalkek. “I’m not clever enough to do that.”
(Fiat expects to finish Ferrari spinoff next summer. For more, Click Here.)
He added that the objective of the exercise was to prove that cars, which are increasingly complex, are vulnerable.
(Click Here for details about this year’s winners of the IVY Award: Ford F-150 and BMW i8.)
Moreover, the panelists noted that ad-hoc security devices that could be added to their cars by individual motorists could simply wind up voiding a car’s warranty for the same reasons, tinkering with a car’s engine or mechanical system, that can void any manufacturers warranty.
(To see more about Scion’s iM concept becoming a production vehicle next year, Click Here.)
Gil Litchver, chief executive of an Israeli company, Arilous Security, said carmakers have to take security more seriously going forward, encryption works to some degrees but carmakers will have to prepare even better defenses because they new system being installed leave vehicles and motorists more vulnerable than in the past.
“The culture of threat is no joke,” he said.