With some predictions of “self driving cars” being available to consumers as early as 2018, the rapid adoption of technology into the basics of driving is posing some interesting challenges from a security standpoint. In a recent TV news report, Closer Look: Newer Cars May Pose Hacking Risk, McAfee’s Brian Contos discusses some of these challenges.
Electric vehicles (EVs) and Hybrid vehicles (HVs) are using microprocessors to tie data from large, high-speed sensor arrays, to calculate data about everything from charge data and fuel efficiency to tire pressure. Like many modern cars, EVs and HVs have replaced many previously purely mechanical systems with ones that are entirely electronic in nature. Drive by wire, brake-timing and dynamic fuel oxygenation levels are all examples of these advancements. Some cars can even parallel-park themselves. This change has granted complex onboard microprocessors an unbelievable amount of control over the general operation of EV and HVs, including several safety critical systems.
Being green on the road requires being very high-tech under the hood. Manufacturers are in a hurry to show the newest “green” technology, or to show how advancements in “In vehicle Infotainment” systems are bringing new and interesting features to your driving experience. Auto companies are using real-time cellular internet connections to feed traffic, road conditions and weather to navigation systems, streaming music and entertainment and even allowing remote control of your car. While there has historically been “remote assistance services” for major lines of autos, there are now mobile phone apps (OnStar RemoteLink and Viper SmartStart iPhone apps) that allow you to control your car directly from your hand.
A Recent look at work on the data security of some of these individual auto components and the systems themselves has shown that security is not automatically the highest priority for auto manufacturers (Read McAfee’s report: Caution Malware Ahead). While several have begun to make efforts to address current and past problems, the complexity of these systems continues to grow. With the increasing number of these cars showing up on the road, the auto industry may not be prepared for a widespread security issue. While the industry has had its share of “recall” activity, there isn’t a wide ability to patch known bad or infected car systems, or even quickly and easily notify those affected, without causing serious overload on dealerships and potential negative media attention.
As the auto industry continues to innovate and push new technology deeper into each new car model, it’s equally important the industry consider the security implications of doing so. Proper security design has to happen at the beginning of the process, and needs to be approached in a holistic manner. Modern cars have a variety of technology from several vendors and subcontractors. Each new component offers both a new feature and a potential new threat. Auto companies are increasing the vulnerability of the attack surface by providing technology for easy data access and data sharing, creating a digital landscape behind the driver’s seat. These new attack surfaces need to be paired with effective analysis of threats (Read McAfee’s 2012 Threats Predictions) that can potentially affect such complex and connected systems. Auto companies can then be better prepared to quickly identify and fix those threats to customers.