Today is an age of technology and of having internet use as part of appliances, household devices and even vehicles. A connected car is one that uses a variety of different software, applications and dongles to allow drivers to better control, navigate and park their vehicles. These high-tech cars are exceptionally complex, often using more than 300 million lines of code inside their systems, a number that is four times the code use of a Boeing 747 and that is equal to the power of 20 personal computers. Including this amount of technology has completely revolutionized the auto industry as more and more drivers want to have this power at their fingertips.
With this much technology and internet used in a single connected car, it is not surprising that there are inherent cybersecurity risks. These risks are mainly due to poorly written software that affects the safety of the vehicle itself or that causes the driver’s personal data to be collected and not private. Although the safety of the vehicle and the driver are important, the protection of personal data is causing the biggest uproar. In fact, recent cases of hacking into the Jeep Cherokee and the Volkswagen have led to increased worry about the safety of such vehicles.
A cheap piece of radio hardware that is easily available at most hardware stores allows just about anyone to intercept key fob signals and to create signal clones, thereby allowing criminals to enter and even to start connected cars without physically breaking into the vehicles. Cases of this type of criminal activity have caused the Department of Transportation and the FBI to issue nationwide warnings about the use of these key fobs and about potential car hackings.
For now, little is understood about the cybersecurity risks posed by connected cars, but manufacturers must begin employing new technology and strategies for addressing these types of issues. In a study conducted by the International Data Corporation (IDC), it was determined that while auto manufacturers do acknowledge that there is a serious problem with the security of connected cars, these manufacturers are often ignoring the important privacy concerns of taking and of storing data inside the cars.
They seem worried that hackers will force cars to crash, injuring people and buildings, but the hackers are more likely to use the cars to access government and corporate networks. Most car manufacturers have indicated that they are attempting to address these issues but that it could be up to three years before most cybersecurity concerns are handled. For a while this warning meant that the manufacturers were simply ignoring the entire mess, but recent car hacks as well as the Fiat Chrysler recall have forced automakers to face the issue.
With the so-called “bug bounties” offered for information about hackers and the establishment of the Auto-ISAC as the intelligence central hub, these manufacturers are finally beginning to take action against a very serious problem. These are just the first steps toward better cybersecurity for vehicles, but there will need be more efforts between competitive manufacturers to share and to track cyber threats, using these failed hacking attempts for analysis and for combat against future attacks.
Systems need to be designed and in place for security in vehicles as the cars are rolled off the assembly line rather than placing these systems as after-market afterthoughts. When consumers find a car company that is spending its money on the front lines of protecting the vehicle rather than waiting to apply a Band-Aid recall after the hack happens, that is the manufacturer that will see more business. Buyers do not want their safety and privacy compromised, and they will flock to the company that is protecting them.
As long as there is no security preemptively built into a connected car, the driver should be wary of downloading and of installing new apps that will supposedly better control the vehicle. These driver-downloaded apps are often the work of hackers who are attempting to gain access to the vehicles and to personal data. To help avoid this potential catastrophe caused by driver downloads, some manufacturers are beginning to push for all car apps to be sold through an app store that will carefully analyze the new apps for cybersecurity risks.
Even with these recommendations by the manufacturers themselves, many drivers continue to download apps as they see fit. In a survey, Kelley Blue Book found that while 63 percent of drivers do take cybersecurity seriously and do fear that they will be hacked, 42 percent of respondents still want more connectivity in their cars than they are currently offered. In fact, only 13 percent of those questioned agreed that they would not use an app if they knew that it would increase the possibility that their cars would be hacked. This conflicting data seems to indicate that most drivers do not fully understand the dangers of car hacking, and many respondents placed the burden on automakers to handle this risk and the problem for them.
Adding internet connectivity to vehicles creates a more complex cyber ecosystem that demands greater security. Until everyone involved in the issue, from parts suppliers to dealers to regulators to consumers, begins to take part in the process, there will be no clear solution. The NHTSA has previously indicated its displeasure at automakers’ constant recalls for bug fixes, but it cannot ignore the clear vulnerabilities facing the connected cars currently on the streets. The regulator’s pressure on Chrysler to fix its bugs is an indication that the NHTSA understands the importance of this issue, but improvements in cybersecurity across the board remain to be seen.
About the author
Matthew Young is a Boston based freelance writer. As an aspiring automotive journalist looking to make a name for myself in the industry, he is passionate about covering anything on 4 wheels. When Matthew is not busy writing about cars or new emerging tech, he usually spends time fiddling with his camera and learning a thing or two about photography. You can tweet him @mattbeardyoung