Meet our writers

Win $1,000







Technology June 2017

Why Your ‘Connected’ Car Could Become a Hacker’s Dream Machine

By Bill Siuru

Malware can be installed to later do bad things like set off air bags, lock the doors so you can't get out, or even take control of the vehicle...So far, there is no profit motive for vehicle hacking, but hackers are probably looking for one. One possibility is holding you ransom like locking doors or not allow engine starting until you send some money via your bank account or PayPal.

* * * * *

Connectivity allows access for hackers. So do simple items like remote and keyless entry, factory-installed garage door openers, Bluetooth, and even tire pressure monitors if they are connected to vehicle computer systems.

Today, computer hacking is a big topic, especially after the last election. In the future, cars could be hacked because cars, like computers and smartphones, are becoming connected to the Internet. "White hat," that is good-guy hackers have remotely taken over steering, brakes, and other functions in testing new vehicles. Also they have shown malware can be installed to later do bad things like set off air bags, lock the doors so you can't get out, or even take of control of the vehicle.

Most automakers now offer connectivity systems, such as BMW ConnectDrive, Ford Sync, Cadillac Cue, and Chrysler Uconnect. Vehicles come with Internet radio and Wi-Fi hot-spots. In the future, vehicle-to-vehicle (V2V) communications will allow vehicles to "talk" to each other to prevent, for example, intersection passing, and left turn accidents. With vehicle-to-infrastructure (V2I), traffic signs and signal lights could automatically adjust speeds or control cars at intersections. Like Windows and Apple computers as well as smartphones that are periodically updated, the software in vehicles will be updated via the Internet.

Connectivity allows access for hackers. So do simple items like remote and keyless entry, factory-installed garage door openers, Bluetooth, and even tire pressure monitors if they are connected to vehicle computer systems, which is now usually the case.

Right now, a vehicle hacker is more likely to be a computer nerd doing it as a prank. Professional hackers go where the money is – bank accounts, credit cards, etc. So far, there is no profit motive for vehicle hacking, but hackers are probably looking for one. One possibility is holding you ransom like locking doors or not allow engine starting until you send some money via your bank account or PayPal.

Naturally, car companies and their suppliers are taking cybersecurity seriously as connectivity to the Internet become more common, but they are latecomers to the cybersecurity business. The military, the computer community, telecommunications companies, financial institutions, and other high-risk entities have been concerned about cybersecurity for decades.

Auto makers are taking advantage of this vast experience. For example, Continental, a major auto-parts supplier, has joined with IBM and Cisco to create firewalls that control information flow between a car's devices. Harman/Kardon adds its own layers of security to separate their entertainment systems from the rest of the vehicle's digital network.

Isolating Internet-connected infotainment systems, Internet radio, and wi-fi hot spots, as well as other points of access is key to cybersecurity. For instance, something called hypervisors are being used to isolate vehicle systems from one another so nothing is shared. Semiconductor and computer-chip manufacturers can include encryption to prevent malware from altering programs.

Semiconductor manufacturer Intel has established the Automotive Security Review Board to conduct vulnerability tests and identify designs for cybersecurity. A testing platform is also being provided so that good guy hackers can test new hardware and software for vulnerabilities.

 

Meet Bill