People are all going crazy about all the possibilities behind autonomous or self-driving cars. Engineers have been coming up with technologies that could make this once-futuristic scenario possible.
However, everything that is good also comes with bad. Autonomous cars are hackable for the simple reason that it operates through a network.
In an article written by Preston Gralla, technical writer at cybersecurity company Symantec, he quoted Brian Witten, head of Advanced Technologies, Office of the CTO at Symantec, as saying that various forms of connectivity, network or wireless, are potential attack vectors for self-driving cars. Bluetooth, while a very useful wireless tool, poses a lot of potential risks to autonomous cars. Cars use Bluetooth to stream music or other entertainment systems. Smartphones also use this wireless connection for navigation.
According to KPMG’s “Protecting the Fleet and the Car Business,” an average car contains 150 million lines of code and a vast number of wireless connections for internal and external connections. These lines of communication are sent over the cloud, technology’s Achilles heel.
KPMG said in its report that conversations have been mostly around hacking while cars, manufacturers should also look into fleet hacking which will bring considerable danger in the event of a cyber attack. One suite of autonomous fleets shares the same software, network, and connectivity. The damage is not only about stolen data but hackers can remotely manipulate autonomous fleet when they gain access to networks.
In a news report by Motherboard, a tech news site under Vice media, a hacker was able to monitor the location of thousands of vehicles by breaking into their GPS tracker apps. At one point, the hacker also turned off the engines of tens of thousands while they were still in motion.
Motherboard said the hacker, who goes by the name L&M, claimed into hacking more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts. These are monitoring apps companies use to monitor fleets through GPS tracking devices in India, Morocco, the Philippines, and South Africa.
The Washington Post reported that what worries manufacturers and cybersecurity experts are the keyless locking and ignition systems. Using the “relay hack” method, hackers trick the cars into recognizing that the owner is just nearby and remotely opens the car.
Symantec’s “Building Comprehensive Security in Cars” white paper, said that methods such as digital capture of location, signing data on capture, and using secure boot and code signing to ensure that firmware is not tampered may effectively elude hackers. The company also suggests in the white paper that over-the-air (OTA) update could be just one of the many ways automakers can remotely resolve an issue should a hacker get into networks and cause damage to cars and endanger the lives of passengers.
Security by Design
While hacking is an inevitable fact of digital and cloud-based life, cybersecurity firms are working hand in hand with automakers to add layers and layers of protection to keep autonomous vehicles safe.
Security companies are working to minimize the attack surface.
One such effort is the “Security by Design” philosophy wherein software engineers have integrated security from the conceptualization up to the execution, which makes the foundation secure. Automakers are also advised to choose its supply chain meticulously because third-party risks are inevitable.
Emerging technologies are not without risks even if they do not involve autonomous cars. However, automakers and security firms have banded together to come up with solutions to prevent the hacking of cars. The danger will always be there but mitigating it has become a priority for many companies.
Also published in GADGETS MAGAZINE July 2019 Issue