As more self driving cars and connected cars take to the road, it becomes critical that drivers, communities, and manufacturers understand the cybersecurity implications and risks. More than that, it’s also imperative to look at how these types of attacks can be prevented.
Read the full story….
Cars are getting smarter. They’re also gaining weight. The average car can weigh three to four tons or more. By 2020, connected car production is expected to break 60 million, according to Gartner. With all that smart and heavy metal on the road, there’s potential for all kinds of peril. To help us understand the intersection of automation and cybersecurity, we talked with Alon Kantor, vice president of Business Development at Check Point Software.
CT: Alon, how smart and connected are cars today?
AK: More and more cars are being connected today to both the internet as well as to private data centers. On top of that, we’re seeing more services being provided to vehicles, such as web-enabled navigation systems, remote assistance to drivers, emergency services, and even entertainment.
Today’s cars have many computerized systems that run almost all of the vehicle’s functionality. The number of ECUs (electronic control units)—the computer devices that make the car “smart”—can range anywhere from 30 to 100-plus.
We expect this trend will continue to grow in the coming years and gain a significant boost, especially with the introduction of fully autonomous vehicles.
CT: Have there been any incidents yet where hackers have commandeered a car outside the context of conducting an experiment?
AK: Well, first of all, some of the experimental hacks that were conducted were published before vulnerabilities were fixed. So, this could have allowed attackers to gain full control over the vehicles in the wild.
Outside of the experiments, though, an interesting incident happened several years ago in Austin, Texas. More than 100 drivers found their cars disabled or their horns honking out of control. What happened was an intruder hacked a web-based vehicle-immobilization system that’s normally used to alert consumers who are delinquent in their auto payments.
We can’t really know for sure how many of these types of incidents happen because we don’t know if they’re being reported. But that said, we’ve seen numerous hacks that were conducted in order to break into cars to steal them, and to potentially cause damage beyond just theft of the vehicle.
CT: What does a worst-case scenario look like?
AK: I am not sure that there is a “worst-case scenario” because things could always go worse than expected and it is hard to predict what could be the most severe.
Certainly any hack that would result in fatal damage or severe injury would be a “worst-case scenario.” This could happen if hackers gained full access to the car’s critical systems while it was in motion.
On a larger scale, attackers could create mayhem in a community by taking control over a large number of vehicles at the same time and interfering with transportation and traffic flow.
Given the rising rate of ransomware attacks, it’s also not too hard to imagine a scenario in which hackers take over a car and demand payment in order to return control to the owner.
CT: Why should business leaders and executives care? Outside the automotive industry or our personal lives, what are the business risks/ implications?
AK: For commercial operations like shipping and delivery services, car rentals, or transportation services—all of which rely on vehicles for their business models—any disruption to the ongoing activity of the fleet could have severe implications on business continuity.
In the near future, autonomous cars will make this threat even more significant as more businesses rely on the smooth operation of fleets of vehicles.
In some ways, all of this is similar to the early days of the internet, when organizations did not fully realize the dangers of attacks on their websites. Today, the awareness is very different. With so many organizations conducting significant portions of their businesses online, it is clear to all that the threat of hacking into a company website is huge.
CT: How are cyber security experts solving the problem(s)?
AK: Two main aspects of security improvements can be seen in the design of vehicles and the development of security tools for cars by cybersecurity experts. It all comes down to adding security on top of existing vehicles and to the design of future cars. Manufacturers need to take security seriously and embed protective features and implementation guidelines in each and every car they develop. Unfortunately, we still do not see enough awareness around this.
A third aspect that is emerging for improving cybersecurity for the automotive industry is legislation in the US and in other countries. We expect these initiatives to require that all cars are manufactured and sold with proper cyber security solutions built into the systems.
Read more about connected cars here.