Cyber threats against cars are here to stay, experts say

October 02, 2015 // By Christoph Hammerschmidt
The rise of the connected car definitively catapults our traditional set of wheels into the world of information technology. This arrival confronts carmakers with an unfamiliar challenge: The possibility of getting hacked. At a meeting in Dresden (Germany), experts analysed the threat and potential approaches to harden the vehicles against malicious attacks.

Losing control over your vehicle is a very frightening experience. The video of a driver helplessly cranking the wheel while his Jeep Cherokee drove into the ditch, remotely controlled by a hacker duo, scared the world. This orchestration, in the headlines as recently as past August, should have been the last wake-up call for automotive electronics designers: Car can get hacked, and they should move quickly to lock any hackers out. At the Cyber Secure Car industry meeting this week in Dresden, experts from the automotive value chain, the academic research community and the electronics and software industry discussed the current position of the car industry in terms of cyber security, hacker motivations and practices and potential measures to make cars more secure and - since in the car security is equivalent to safety - safer.

Carmakers and their suppliers urgently need to make themselves knowledgeable about the risk, this was the unanimous position of the presenters. Given the average age of the cars out on the streets of some ten years, currently only a small percentage of this “installed bas” already possesses a wireless interface to the outside world. But the number of connected cars will increase steeply over the next decade, and malicious attacks will increase in parallel, predicted Florent Frederix from the Online Trust and Cyber Security unit of the European Commission’s Directorate-General for Communications Networks, Content and Technology.

But there is no need to wait for the connected car, already all contemporaneous vehicles have some kind of wireless interface that can potentially used for an attack. “There are more than 50 attack points in the connected car ecosystem”, said Mike Parris who oversees the Secure Car Division at British telematics and automotive security consultancy SBD. “Any point of the ecosystem can be hacked”. Like Frederix, he highlighted the parallelism of the connected car with the Internet of Things. “After Stuxnet (the computer virus that infected and damaged the Iranian uranium centrifuges) it became aware to the criminal scene that such a sophisticated hack is possible”, he said. “The threat of real-world hacking is a ticking time-bomb”. Parris went so far to say that “there are only two types of cars: Those who have been hacked and those who will be hacked”, only slightly modifying a quote of FBI director Robert Mueller in 2012. “There is a perfect storm brewing”.