We associate these connected cars with modern technology; autonomous cars and mobile technology, and to a degree, there is some truth in that. However, manufacturers like McLaren were fitting modems for remote diagnosis over twenty-five years ago.
To the layman, the thought of these cars or this technology being hacked is fantasy, but we've seen on a number of occasions that not only is it possible, but for many, you could be the other side of the world and still gain access to it.
2016: Researches showed how the Nissan Leaf could be hacked from anywhere in the world, via a simple app.
2015: The BMW ConnectedDrive system was hacked to unlock a BMW, showing that it could be done for any BMW using the system.
It's enough of a threat that both the UK's Department for Transport (DfT) and the European Union Agency for Networks and Information Security have separately published guidelines for recommendations for manufacturers and retailers.
The most immediate fix relies on the design of the hardware and software in both ordinary and autonomous cars, and although there are no fixes, there are a number of plans in place to aid the situation:
Fast, low-level security measures incorporated in the design and build of all microchips, running alongside further measures incorporated into the firmware and software.
Development of real-time detection systems that continuously monitor the connected systems fitted to the vehicle and ensure that any unusual activity is reported and prevented.
Development of trusted vehicle-to-vehicle communication systems.
Development of protocols for firmware updates to enable a vehicles software security to be updated through over-the-air transmissions.
Understanding the threat is key to making these connected cars secure; external connections are a must, they're needed for information, manufacturing data, diagnostics, data gathering, external connections for some functionality, driver profiles … the problem with connected vehicles is just that – they're connected to many different aspects of our lives.
Perhaps part of understanding the threat landscape, is to understand why a criminal would want to gain access to a car, after all, smashing a window would give them access to anything in the car, perhaps the car itself.
There has been a lot of discussion recently regarding Ransomware, and a car is no different. Not only will a smart car store sensitive, personal information which could be of interest, but even taking a step back from that, if you're travelling anywhere, it's possible that a hacker could put a halt on your journey until a ransom is paid – and that could be any journey – business meeting, shopping, or even a holiday; when you rely on your car, life becomes tough without it.
There is a positive
Theoretically, there could be a positive to come out of this.
Surely, if cyber-criminals can gain access to a vehicle to take control or shut it down, law enforcement agencies the world over could do the same?
How many times have we seen police officers risk life and limb to ‘TPAC' a car (effectively a planned accident)? Or discontinue a pursuit because it's too dangerous to carry on?
The problem is, where or how do we draw that line? Giving law enforcement agencies a ‘backdoor' to any control system will be akin to handing over the keys to a criminal, and let's be honest, when it comes to crime, it does seem as though the criminals are invariably one step in front of the Police.
Contributed by Giles Kirkland, car expert and blogger at Oponeo.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.