Hackable cars: Functionality at the cost of safety
Tony Dyhouse of the Trustworthy Software Initiative sat down with SC Magazine to discuss car hacking and the automotive industry's blind-spot towards it.
Car hacking is a threat that isn't being paid as much attention as it should be
Car automation has filled tech-headlines in the last couple of years and set the technologically inclined watering at the mouth. What might have seen less publicity is the looming danger of being able to hack and hijack that technology. However exciting the prospect of a self-driving car might be, it's equally as scary to think that it might not be so self-driving as the passenger might have once believed.
Even now, forms of car hacking are in relatively wide-use. London's Metropolitan police has reported that 6,000 vehicles in the capital were stolen with small devices that hack the locks and ignitions of keyless cars and car-hacking manuals are readily available. This danger hasn't gone on so much unrecognised as it has been overlooked.
Tony Dyhouse is a cyber-sec veteran of the Trustworthy Software Initiative, an initiative which wants to help bring about a sea-change in the way we look at software. He sat down with SC magazine UK, to discuss the potentially looming, but all too often quiet problems on the horizon of vehicle hacking.
Dyhouse has been around the cyber-security block a number of times, in fact he was there pretty much from it's beginning. Notably he spent a number of years with Qinetiq, one of the great giants of the cyber-security and defence industry. After several of other high profile positions in the industry, Dyhouse found himself at the Trustworthy Software Initiative, where he sits now as its knowledge transfer director, encouraging best practice in cyber-security.
The problem, thinks Dyhouse, is that companies are pushing themselves towards increasing amounts of functionality, at the cost of safety: “functionality sells now: we want more functionality and we get it but largely at the expense of testing.”
That push for functionality is largely driven through the on-board ‘infotainment' system, which connects the GPS and radio to the drive systems and engine management of the car. This problem might not even be isolated to cars: The FBI is currently investigating a man who claimed to have changed the speed and direction of an airplane from his seat via the onboard infotainment system.
The CAN bus system, found in all European cars, is particularly worrying , Dyhouse said, as it's essentially an “open network” and “the infotainment system is connected to the same network that controls the engine management, the brakes and all the safety measures on the car.” So, if somebody wants to hack that vehicle, “it's quite simple to do so.” All this leads to a situation where the actual driving of the car can be hijacked through the radio.
He thinks that the car industry should learn from cyber-security in business: “"we need within those vehicle networks the same things we would see within a business network, we should have them firewalled off from each other, we should have intrusion detection systems.