Automotive cyber-security. Are we safe? And should police get backdoors?
Automotive cyber-security. Are we safe? And should police get backdoors?
It's often said that the modern ‘smart' car has more in common with computing power rather than horsepower, and thanks to technology getting ever smarter and more complex, we're told that a modern smart car has more lines of computer code than a fighter jet (which can't fly without computers). 

We associate these connected cars with modern technology; autonomous cars and mobile technology, and to a degree, there is some truth in that. However, manufacturers like McLaren were fitting modems for remote diagnosis over twenty-five years ago. 

Hacked

To the layman, the thought of these cars or this technology being hacked is fantasy, but we've seen on a number of occasions that not only is it possible, but for many, you could be the other side of the world and still gain access to it.

2016: Researches showed how the Nissan Leaf could be hacked from anywhere in the world, via a simple app.

2015: A Jeep Cherokee was taken over by researchers, who managed to crash the vehicle off-road.

2015: The BMW ConnectedDrive system was hacked to unlock a BMW, showing that it could be done for any BMW using the system. 

It's enough of a threat that both the UK's Department for Transport (DfT) and the European Union Agency for Networks and Information Security have separately published guidelines for recommendations for manufacturers and retailers. 

Current measures

The most immediate fix relies on the design of the hardware and software in both ordinary and autonomous cars, and although there are no fixes, there are a number of plans in place to aid the situation:

Fast, low-level security measures incorporated in the design and build of all microchips, running alongside further measures incorporated into the firmware and software.

Development of real-time detection systems that continuously monitor the connected systems fitted to the vehicle and ensure that any unusual activity is reported and prevented.

Development of trusted vehicle-to-vehicle communication systems.

Development of protocols for firmware updates to enable a vehicles software security to be updated through over-the-air transmissions.

Understanding the threat is key to making these connected cars secure; external connections are a must, they're needed for information, manufacturing data, diagnostics, data gathering, external connections for some functionality, driver profiles … the problem with connected vehicles is just that – they're connected to many different aspects of our lives. 

Why?

Perhaps part of understanding the threat landscape, is to understand why a criminal would want to gain access to a car, after all, smashing a window would give them access to anything in the car, perhaps the car itself. 

There has been a lot of discussion recently regarding Ransomware, and a car is no different. Not only will a smart car store sensitive, personal information which could be of interest, but even taking a step back from that, if you're travelling anywhere, it's possible that a hacker could put a halt on your journey until a ransom is paid – and that could be any journey – business meeting, shopping, or even a holiday; when you rely on your car, life becomes tough without it. 

There is a positive

Theoretically, there could be a positive to come out of this. 

Surely, if cyber-criminals can gain access to a vehicle to take control or shut it down, law enforcement agencies the world over could do the same?

How many times have we seen police officers risk life and limb to ‘TPAC' a car (effectively a planned accident)? Or discontinue a pursuit because it's too dangerous to carry on?

The problem is, where or how do we draw that line? Giving law enforcement agencies a ‘backdoor' to any control system will be akin to handing over the keys to a criminal, and let's be honest, when it comes to crime, it does seem as though the criminals are invariably one step in front of the Police. 

Realistically, cyber-crime within the automotive industry is low, but that's partially because a fully-connected smart car is in the minority currently. In another ten or fifteen years, these autonomous vehicles will be commonplace, and with the rise in numbers must surely come the rise in crime?  

Contributed by Giles Kirkland, car expert and blogger at Oponeo

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.