New cars carry more interlinked computing systems than a typical small business. Buried under hoods and behind touchscreen control panels, microprocessors run by millions of lines of code operate an array of crucial functions, from brakes and steering to headlights and horns. Automakers are constantly adding more features, processors and software.
This new era in the evolution of motorized transport seems like a win-win situation for all. Most consumers embrace the technologies, and automakers welcome the bigger profit margins that teched-out cars provide.
But cybersecurity experts warn: Not so fast.
Automakers are so eager to pile more microprocessors and software into their vehicles that they’re moving faster than their ability to secure what are essentially rolling wireless networks. Experts say they are creating poorly protected systems that have the potential to be commandeered by malicious hackers who could take control of vehicles and send them careening into other cars. While the risks are low now, they're expanding with each model year.
“Manufacturers are rushing headlong into implementing technologies that rely on connectivity without taking into account the possible unintended consequences and the accompanying increase in attack surface,” said Jean Taggart, senior security researcher at Malwarebytes Labs, the research arm of a leading anti-malware company. "Careful thought and evaluating the possible drawbacks of emerging technologies needs to be done by car manufacturers. Up until now they have operated in a vacuum of sorts.”
The electronification of vehicles has accelerated in recent years into a breakpoint in automotive history. Every year the latest models feature a new convenience-related personal technology features, like smartphone connectivity, or safety-critical computing functions, such as auto-braking to void rear-end collisions. But with the cutting edge technology comes serious safety issues. This is putting automakers smack in the middle of a cybersecurity business with an ever steepening learning curve.
“The automakers haven’t fully prepared themselves for this problem, and when organizations don’t have a background on security, they make certain assumptions that can compromise security,” said Rich Mogull, analyst and CEO with Phoenix-based Securosis, a security research firm.
This month Wired magazine published a widely read story showing how a Jeep Cherokee’s critical control functions could be hacked to take control of brakes, steering wheel and engine shutoff. Noted white-hat hackers Charlie Miller and Chris Valasek exhibited an alarming ability to remotely control safety-critical functions of the Jeep from miles away, using little more than an Android smartphone, a laptop, and months of research into the vehicle’s digital guts.
The hackers used their coding expertise to drill through the infotainment system to reach the electronics that control the brakes, steering wheel and engine power. From there they remotely interfered with the moving vehicle driven by cybersecurity journalist Andy Greenberg. This wasn’t the first time Miller and Valasek have shown off this alarming feat: they did similar hacks to systems on a Ford Escape SUV and a Toyota Prius hybrid.
On Friday, Fiat Chrysler Automobiles (FCA) issued a voluntary recall of 1.4 million vehicles from the 2013 to 2015 model years, including the Jeep Cherokee, Ram 1500 pickup truck and Dodge Challenger muscle car. The company instructed vehicle owners to bring their cars in for a software patch that would address the vulnerabilities Miller and Valasek identified.
Cybersecurity experts say there is no single fix for ensuring that hackers can’t hijack crucial vehicle controls. As cars become more autonomous, performing functions like auto-braking, lane changing and fully autonomous driving, the potential security vulnerabilities will increase.
“There is no reason why you should be able to do certain things to vehicles remotely, but as we move toward autonomous vehicles this will become more of a problem,” said Dave Miller, chief security officer for Covisint, a Detroit-based information technology company with roots in the automotive industry.
Miller says one important way to secure vehicle data, is to simply put some of it in the cloud so that that cars themselves are “dumber not smarter.” This would prevent hackers form targeting individual vehicle to access sensitive data, because the data would be stored remotely and access through a system used by major tech commonages to secure their cloud-storage services. “The easiest way for an auto manufacturer to fulfill requirements of car data security is to never store any data in the car and never let the car be the decision maker about external commands,” he said.
But this offers little for most safety-critical functions that need to perform whether or not a car has connections to a remote network. If a car is offline and the infotainment system doesn’t work, it’s a minor annoyance, but it’s not going to disable power steering or brakes.
A practical way of protecting certain critically important in-car computing tasks is to sequester networks by ensuring there’s no way for a hacker to bridge from the infotainment system (which is the most vulnerable access point because it’s connected wirelessly) to burrow into a car’s safety critical microprocessors. In security circles the term is known as creating “air gaps” -- no wires or wireless connectivity between a critical system and one that can be hacked remotely for back-door entry.
“The safest way to resolve this issue is to isolate control systems, separating life-and-safety systems from convenience systems,” said Mogull at Securosis. “You need extensive compartmentalization around safety systems, and this get very complicate when people want cars that park themselves.”
But the problem with air gaps is that some new technology requires in-car networks to communicate with one another. If a consumer wants a car with autonomous parking features, for instance, the vehicle would need steering and engine control and wireless access.
Steve Hultquist, a cybersecurity expert at RedSeal security analytics company, says another way to boost cybersecurity is by forcing systems to check with a human before performing certain tasks. He compared it to situations where computer users have to give permission to IT specialists to access their computers remotely.
“If the functions are not air-gapped, then it's clear that special access approaches, including what the technology industry would term multi-factor authentication, must be used,” he said. “These methods would likely include approval by the vehicle operator before the vehicle would allow access.”
Human authorization, which is common in computer operating systems, such as requiring permission to install software or download a file, would work for some functions but wouldn’t be useful for safety maneuvers, like asking permission to autonomously brake to avoid a rear end collision.
To protect safety-critical vehicle functions from hackers, security experts say automakers simply need to assume the world is a hostile place and that every single computer operated device in a car uses the same complex software encryption and authentication deployed to process mobile payments. There should also be a strict security monitoring and alert system when there is a network breach.
Manufacturers are more aware than ever of these vulnerabilities, but as recent hacking events have shown, they need to do more to weed out the risks. There are few interconnected mobile devices that need more cybersecurity protections than the modern car.
“What the car manufacturers need to do is give more thought to the security implications of these emerging technologies,” said Taggart.