In the recent WannaCry ransomware attacks, one fact that never got highlighted is the threat to the automotive industry. There exists a genuine threat to the auto industry from hackers. They can get into your companies and they can get into your cars. A news story we carried shows us how a manufacturer was affected by the recent cyberattack. The Renault-Nissan Alliance was not the only one to be threatened, I presume. I’m sure, several other auto companies may have been hit but haven’t disclosed what transpired.
Most automobile companies anyways don’t have a secure and strong IT infrastructure that can protect themselves from cyberattacks. Renault and Nissan clearly came out and addressed the issue with a security plan but how many others did, we may never know. The fact, however, remains that the auto industry is vulnerable to risks. In the future these risks will grow as more digital technologies make their way into cars, posing stronger cybersecurity issues.
There lies the other big challenge – most manufacturers are extremely positive about introducing digital technologies into their cars, but very few are aware of how to protect their cars from digital threats. ‘Can a car be hacked?’ I don’t necessarily have the answer to that, but I could presume that if a cell phone can be hacked today, then an automobile is already a victim or will shortly be. How would you get into a carâ€™s systems? It could be through the internet services – manufacturers provide in certain cars services that create a wireless hotspot for instance or provide internet radio. How secure these connections are is anyone’s guess? Then there is the Bluetooth connection or through a third-party device like an on-board diagnostic equipment, hackers have enough routes to get into a car.
Even if a car is not directly hacked into, the potential exists to hack into a system at a vendor level. Insert a malicious code and then wait for it to come into action at a predetermined time. It sounds like science fiction, but what Volkswagen did to escape emissions tests, using a hack that worked intelligently to detect when it was being tested for emissions and applied a different rule to lie its way through the test, wasn’t science fiction.
There is also a genuine and serious potential for a remote car hacking situation. Charlie Miller and Chris Valasek are two very famous security researchers who managed to hack a Jeep in 2013. They made it stop, steer and accelerate remotely. It sparked off a 1.4 million vehicles recall by Chrysler to fix the issue. Several other researchers have likewise showed instances of being able to control a car remotely. However, the automotive industry lobby is still loathe to admit that cars can be hacked and have shown an equal number of reasons as to why it can’t be done.
The point, however, is that we are quickly progressing towards an age that is highly dependent on electronics to function. And electronics can be manipulated. In its simplest form we, as consumers, hack our cars to provide better efficiency or performance using on-board chips. These chips alter the basic functions of the carâ€™s ECUs and give it a completely new set of instructions. With more systems coming under an electronic umbrella, you have keyless entry and ignition, steer by wire, brake by wire, adaptive cruise control, adaptive suspension, launch control, hill descent, electronic stability control, traction control, pedestrian detection systems, and so much more. We are building an ecosystem for autonomous driving, but is that system secure?
Recently a bunch of Beijing-based security researchers demonstrated a hack that made a car believe its key was within proximity and unlocked the car, even though the owner was several feet away from the car. They created a device that copied the signal from the key when it lay in the owners pocket, amplified it, using a radio signal transmitted it several hundred feet away allowing them entry into the car as well as access to its ignition system. The device cost around Rs 1,500.
That is theft, but what happens if hackers can remotely gain access of your car when you’re driving and plough it into unwary pedestrians. Amplify this by a thousand times, use a multi-axle truck weighing several hundred more kilos instead of a car, steer it into a larger gathering like the one in Nice, France, and you now have a genuine terror threat!
Having said that, hacking cars is not as easy as it sounds or as I may make it out to be. It requires a fair amount of effort to break into a carâ€™s systems at this point of time. Don’t dismiss the notion entirely, but still, sleep easy!
To read more opinions from Bert, click here.