What Security Means for Connected Car
August 03, 2016
You speed up as you merge onto the highway. Once you reach a comfortable cruising speed you realize that you left something at the office and need to take the next exit. You apply your foot to the brake yet notice a distinct lack of sensitivity; the car does not seem to slow down. Alarmed, you apply increasing force to the brake, but it seems to have no effect. At this point, certain something is wrong, you feel a near total loss of control over the automobile. In fact, your steering wheel now has no effect as the car hurls down the expressway. In your panic, you recall a recent TechCrunch article about hackers gaining remote access to connected cars. So you locate a switch to turn off all connectivity and throttle the emergency brake. After swerving off of the highway, your vehicle slows down and finally stops after becoming lodged in a ditch running parallel to the road.
Such a scenario may sound far-fetched. Most of us presume that our vehicles are, for the most part, offline devices. Yet the "connected car" is increasingly becoming a virtually universal phenomenon. In less than twenty years, according to GSMA Research, (*1) nearly every car on the road will be fully connected and remotely accessible. Figures such as this are made more urgent by recent demonstrations that show real vulnerabilities of connected cars. Hackers can take control of transmission, steering, and braking—all vital functions for safe driving and doubtless fatal when compromised to a hacker with mal intent. These risks have made security a top priority for connected cars.
Automobile manufacturers have been integrating Internet and network connectivity into an increasing coverage of vehicle functionality. From navigation to engine control and even to steering and braking, nearly every component of the driving experience has become accessible—and controllable—in these new connected cars. Recently, Fiat Chrysler was forced to recall 1.4 million automobiles due to a defect in their cars' Uconnect software. Demonstrating the vulnerability, two security researchers were able to take full control of a Jeep Cherokee's onboard computer system while the vehicle was driving at 70 mph down a busy interstate highway in St. Louis, Missouri. (*2) This vulnerability they called a "zero-day exploit."
But this is not the only case of connected car security compromise. Indeed, hackers have uncovered numerous similar exploits leading to alarming safety concerns. As a result, in fact, in the car industry software-related recalls for automobiles now almost match hardware recalls. (*3) Such security issues have arisen as primary concerns not only for the connected car industry but also government security forces. The US's FBI have even issued a recent warning about connected car hacks. (*4) So what can drivers do to remain safe while driving down the increasingly connected tech lane? Oren Betzaleli emphasizes the importance of Over-the-air (OTA) updates, a technology used to instantly update device software remotely (currently used in GPS, smartphones, tablets, and other devices). This, along with continued scrutiny on connected car security, could help keep our cars safe from hackers. Surely, such connected car security is in the best interest of drivers and passengers everywhere.