January 16th, 2020 at 9:58 am
As modern cars become more and more computerised, it is beginning to dawn on motorists that their precious vehicle could become the target for the attentions of a computer hacker. Is there such a thing as firewalls for cars or Macafee for motors?
When you link your phone to your car, you open up a highway of information that could be subject to raiders. Once you start using the Bluetooth technology or the Sat Nav, you are vulnerable. Modern cars have electronic systems which collect and store information which is gathered from your Smartphone There is a popular Smartphone app which can unlock your car doors, alter the heating and even book your car in for a service. Data from your Smartphone is stored in the car’s electronic systems as well as information about your driving habits, witness how your sat nav’s regular routes are remembered and suggested to you.
Many cars now range across the internet with technology which allows them to pick up and stream a wide variety of functions, these cars are described as, ‘connected’ and there are currently two million of them on UK roads. This figure is predicted to rise to 8.6 million by 2020.
Why would someone want to hack your car?
Mainly for the same reasons as they would try and hack your computer or your Smartphone, to cause disruption, to harvest personal data which can be used in a number of different ways and usually, ultimately, to make a financial gain in a criminal way. Ransomware could be used to deny you access to your car or to prevent you from driving it until the hacker is paid. Much more worryingly, particularly with the advent of Artificial Intelligence, could a car be intercepted whilst it was in motion and the electronic systems disrupted to cause an accident? Potentially, yes.
Computerisation in cars appeared decades ago but only in a small way, compare that with modern vehicles which are totally governed by hundreds of lines of computer coding. The computer element is now fully integrated into all of the car’s mechanical systems and the potential for disaster is very real.
Back in 2015, two American security experts, Chris Valasek and Charlie Miller hacked into a Jeep Cherokee. The poor driver suddenly experienced rapid blasts of cold air via the car’s climate control system which he was unable to adjust. Then full volume hip hop started on the car infotainment system followed in quick succession by the windscreen wipers starting with the finishing touch, a picture of the two hackers appearing on the digital display. Valasek and Miller had found a flaw in this ‘connected’ car’s infotainment system so essentially, anyone who had that car’s IP address could access it. They could then send their humourous commands to the car’s area network controller which allowed them to start operating the car’s functions although, on this occasion, they avoided tinkering with the steering and the brakes. Wherever there are electronics, there will be someone to hack into them as sure as night follows day.
Miller and Valasek’s stunt was just that, a stunt, but it showed up a real issue for automotive manufacturers and a big wake up call for Jeep who recalled 1.4 million Jeep Cherokees so they could issue a software patch to rectify the flaw. To be fair, the motor industry is taking the issue of cybersecurity pretty seriously and so it should. Nicking some personal data is one thing but controlling a car’s steering and brakes from remote is the stuff of nightmares. Most manufacturers now have dedicated departments with teams of expert staff working solely on the cybersecurity of their vehicles, to stay one step ahead of the hackers. Much of this integrated technology is still relatively new but with the right liaison within the industry, sensible advances can be made, like keeping the infotainment system totally separate from the systems which look after the engine and driver functions.
The unique vulnerabilities of Electric Vehicles
The National Grid has always had to defend itself against security issues, what better than to blackout an entire city?! Industry experts think that charging points for EVs could be vulnerable to hackers and allow them access to the grid.
The WannaCry ransomware attack which targeted the National Health Service is an example of how vulnerable large and essential organisations can be. Part of the fear within the energy sector comes from the fragmentation of energy control so individuals feeding into the National Grid from solar panels on their house and motorists accessing electricity via on-street communal charging points or personal chargers fitted at their home and which are external to the property.
So what steps are the motor industry and government taking?
The government is already in close conversation with the motor industry about the cybersecurity of cars so it is well on the case. In the States, there has been an annual Automotive Cybersecurity Summit which has been running since 2000 with the aim of bringing together manufacturers and interested parties to pool their knowledge and resources about the cybersecurity threats to vehicles.
On a personal level, is there anything you can do to protect yourself against hacking in your vehicle?
- Monitor updates from your car’s manufacturer to see whether there are any issues with security that need patching or any updates or recalls. There is a handy government tool which can check whether or not your car has any outstanding products recalls at gov.uk/vehicle-recalls-and-faults
- Regularly wipe your home address from the car system and sat nav if you use it and check out any security offers on your sat-nav system
- If you have inbuilt wi-fi in your vehicle, change the password from the default setting and never leave it written down anywhere in the car
- Don’t leave either wi-fi or Bluetooth on when they are not in use
- Keep your Smartphone up to date with the latest apps and security releases
- Don’t leave your home address in the sat nav, use a point within a few miles of your home instead
Electronics in cars is a wonderful development allowing motorists to do things unheard of even four or five years ago but where there are electronics and the internet, there are security risks and as cars become more computer-driven, these risks are only going to increase.