Gone are the days where the fastest and loudest cars are ideal; today, it’s all about how ‘intelligent’ your vehicle is and how it can make life easier for you.
These cars are almost similar to computers in their complexity; according to Forescout, “software in modern cars exceeds 100 million lines of code”!
Such vehicles offer a variety of hi-tech options such as navigation systems, in-vehicle infotainment (IVI) systems, wi-fi connectivity and much more making such cars a part of the Information Technology (IT) world. Though these developments aim to make the best out of our drive, they also make our vehicles vulnerable by opening up several points of entry.
Perhaps the notion of a car getting hacked may seem absurd to many, but cyberhacking is a very real threat in the automotive sector; so real that the UK’s Transport Department and the EU’s Agency for Network and Information Security each published their own cybersecurity guidelines for car manufacturers and retailers. Several instances over the years have proven the gravity of this situation.
Hackers believed to belong to a Vietnamese government-backed group by the name of Ocean Lotus managed to infiltrate the networks of BMW and Hyundai to gain insight on automotive strategies. In this manner, hackers can damage not only the vehicles but manufacturers of cars directly as well.
A group of hackers learned to hack vehicle key systems by watching YouTube tutorials. There have been a number of similar car thefts over the world using the keyless entry system proving how simple it is.
In the UK, a group of thieves used keyless hacking to steal a £90,000 Tesla in under 30 seconds! All this was caught on camera. Earlier in March, a safety rating was designed to warn consumers of the theft risk caused by insecure keyless entry systems by labeling each car as either ‘superior’, ‘good’, ‘basic’, ‘poor’ or ‘unacceptable’ based on their vulnerability 6 of the 11 cars they tested resulted as ‘poor’ including the Ford Mondeo, Hyundai Nexo, Kia Proceed and Porsche Macan.
A hacker going by the name of L&M proved that he could hack into 7,000 iTrack and 20,000 ProTrack GPS tracking accounts. He had the power to track vehicles and stop car engines all over the world with a single touch. He aimed to highlight the importance of cybersecurity for companies in the automotive sector.
Cybercriminals were able to access private data of 14 million Careem service users in Dubai. In a similar attack, private data of over 57 million users of the ride-sharing company was accessed by hackers in 2017. Such data ranges from ride details, phone numbers, addresses, usernames and so on.
A security researcher was able to hack into Nissan Leaf’s app NissanConnect, and thus control the climate settings, drain the car’s battery, and access data from the user’s recent drives. In 2015, researchers managed to crash a Jeep Cherokee off the road.
Cyber-attacks on vehicles have been on a steady rise since 2016. A 2019 Synopsys and SAE research showed that 84% of the surveyed automotive professionals worry their current cybersecurity programs aren’t able to protect their technology. Even more alarming is that nearly a third of those surveyed didn’t have a cybersecurity program to address that concern.
The danger of hacking does not mean we have to drop the idea of intelligent vehicles altogether. There are a number of precautions that can be taken to ensure the safety and security of both the consumers and the manufacturers.
Car manufacturers should invest in a strong and updated Security Operations Centre (SOC) to analyze and solve all alerts. Such software must be incorporated into all connected vehicles. By operating in real-time, they can monitor all networks connected to the cars 24/7 and report any unusual activity. Moreover, all companies that handle IT data for the automotive industry must take vigilant security measures such as the requirement for stronger passwords, using multi-factor verification and prompts for regular updating.
Organizations such as the Automotive Information Sharing and Analysis Centre (Auto-ISAC) and the Alliance of Automobile Manufacturers and Association of Global Automakers work by connecting different stakeholders in a united attempt to make our vehicles more secure.
Opening up our cars to a number of external networks creates several weak points; by understanding their nature, we can focus on securing them against unwanted and illegal access.
We always roll up the windows and make sure our cars are locked when we leave the car. The physical dangers to our vehicles are very apparent but the cyber threats are just as dangerous. There have been several reports of keyless entries and thefts of cars.
Hackers can use ransomware or malware to take ransom from users by gaining their personal data and threatening to release it. They could even force your car to stop until you pay a certain amount on an important journey; whether you’re on vacation abroad, going to an important meeting or buying groceries – hackers can disrupt our daily lives from the tip of their fingers.
Using hacking to our advantage
Gaining access to vehicles does not necessarily have to be linked to thieves and criminals, it can also be used on the other side of the law, to help catch criminals instead of aid them.
Law-enforcement agencies often end up chasing criminals, speeding through traffic, risking their lives and those of innocent passersby. Governments and law agencies can develop systems that will allow them to be able to take over vehicles, track them or shut them down.
However, this can become an ethical issue.
Why should consumers willingly hand over their control to a government or a law firm?
Who’s to say a person in power will never misuse their authority?
Moreover, this may make vehicles further vulnerable by making them easier to hack.
Currently, cybercrime is not the most dominant type of crime in the world of illegal activities. However, this may be because connected cars are in a clear minority right now. Nonetheless, the world is rapidly digitalizing and different aspects of our lives are becoming interconnected through the Internet of Things (IoT).
The popularity of cybercrimes is rising hand in hand with the popularity of autonomous and connected vehicles; we must upgrade our cybersecurity measures to keep up with the impending threats.