Opinion: The risk of hacking connected vehicles is real
Posted: August 13, 2019 by Rolf Lockwood
While I spend a lot of time looking at our technological future in the normal course of events, I dove deeper than usual these last couple of days. Did nothing else, and I came away gobsmacked in both good and bad ways.
The world of artificial intelligence is exploding with innovation. Like the Valeo technology that can “see” through the vehicle in front of you – including tractors that are pulling loaded van trailers – to show you the road and traffic ahead. Really. The vehicle ahead becomes essentially invisible. I came across that just as I realized I’d better get writing, so I didn’t pursue it. But I’ll presume that this is a product of connected-vehicle development, and that the vehicle to the rear links to the forward car or truck’s cameras, and sends an image back to be displayed on the follower’s screen. Kinda weird, but oh so useful.
That stuff may be a little way out, but long before we start talking about autonomous vehicles, we already have very computerized trucks and cars that are increasingly connected to wide-area communications networks — making them part of the Internet of Things (IoT). And critically, the mechanisms that control their acceleration, steering, and braking can be overridden by computers and software.
“The troubling issue for industry technologists is that these vehicles’ safety-critical systems are being linked to the Internet without adequate security and with no way to disconnect them in the event of a fleet-wide hack,” notes a recent report by the U.S. non-profit Consumer Watchdog, entitled Kill Switch.
“This is a dangerous combination, as it creates the potential for hackers to take control of vehicles remotely. Unlike other ‘connected’ technologies in which hackers can only steal information or money, hacked cars have the potential to cause property damage and deaths. Whereas the military and aviation industries carefully avoid connecting dangerous machines to the Internet, the auto industry has yet to learn this lesson.
“Millions of cars on the internet running the same software means a single exploit can affect millions of vehicles simultaneously. A hacker with only modest resources could launch a massive attack against our automotive infrastructure, potentially causing thousands of fatalities and disrupting our most critical form of transportation.”
The report talks only about connected cars, but the issue obviously involves our trucks as well. And in age where cyberwarfare is very real – look at the last U.S. election for a mighty disturbing example – there are huge risks in here. Really huge.
One seemingly outlandish example is that hackers could, unless we prevent it, organize so-called “BotNet armies” of connected vehicles, banding together to cause havoc. Malevolent gangs of cars are one thing, but imagine what a swarm of evil 80,000-pounders could do.
I know, you’ll dismiss that as paranoid codswallop, but I promise you, there are lots of very serious software engineers and techie nerds who envision the possibility of exactly that sort of mayhem.
“Viruses can spread vehicle-to-vehicle,” the Consumer Watchdog report says. “Malicious wifi hotspots can infect any susceptible vehicle that passes within range. Cars can be infected with ‘sleeper’ malware that wakes at a given date and time, or in response to an external signal, resulting in a massive co-ordinated attack.”
Its conclusion is a simple and straightforward fix that should be done ASAP.
“To protect the public, carmakers should install 50-cent ‘kill switches’ in every vehicle,
allowing consumers to physically disconnect their cars from the Internet and other wide-area networks,” the report urges. “Otherwise, if a 9/11-like cyber-attack on our cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. Mandatory ‘kill switches’ would solve that problem.”
Obviously, it also says future designs should isolate safety-critical componentry from infotainment systems connected to the internet or other networks.