The Internet of Things (IoT) aims to enhance the way we engage with devices around the home and we are now beginning to see the growth of this technology reach our driveways. Specifically, our automobiles. According to IHS Automotive, within five years there will be 152 million vehicles connected to the Internet via mobile apps that are now available with some car models. These apps can control your vehicle’s climate systems to providing Wi-Fi “hotspots” for mobile Internet access within the vehicle.
However, the growth of connected cars has raised some concern. Following the hacking trend directed at IoT devices in the household, the question is being asked: How safe is the public from hacked automobiles?
Imagine this scenario: you’re driving along a busy highway when without warning, your car’s brakes or steering wheel locks up. Or, you slow down as you approach a traffic light and your vehicle starts accelerating. Is this possible? If so, would this affect the car industry with determining culpability? Furthermore, what does this mean for public safety?
As more automobiles connect drivers and passengers with onboard systems, the more similar these systems are to mobile computers and this evolution could very well carry hacking over to our cars. Just recently, the Operations Chief for Apple Computers, Jeff Williams, alluded to Apple’s interest in the automotive market stating, “…the car is the ultimate mobile device…” This statement shows how attractive the automobile industry is to technology companies.
The more that vehicles are equipped with technology, however, the greater the increase for vulnerabilities. During a security conference in the summer of 2014, students from Zhejiang University successfully hacked into Tesla’s Model S and were able to open its doors and sunroof, switch on its headlights, and engage the vehicle’s horn – while the car was in motion. The Tesla brand is not unique in this regard. Numerous examples and exploits have been recently published on the hacking of vehicles.
In February 2015, U.S. Senator Edward Markey, from Massachusetts, released a report that discusses how vehicles may be vulnerable to hackers and how driver information is collected and protected. Some of his key findings state that nearly 100% of cars on today’s market include wireless technology that could pose an opportunity for hackers and that most automobile manufacturers weren’t aware or were unable to report on past hacking incidents. Senator Markey is so concerned that he and Senator Richard Blumenthal, from Connecticut, have proposed legislation that would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure automobiles from hackers.
This threat doesn’t stop at traditional autos. It was recently reported by Consumer Affairs that driverless cars may also become vulnerable. Predicted to roll out to the roads of America by 2020, self-driving cars will be outfitted with various sensors to navigate through different environments. If a hacker were to remotely access one of its sensors, such as LiDAR (light detection and radar), which helps avoid obstacles, the vehicle could be forced to accelerate into the object in its path instead of yielding or stopping.
Most of the software leveraged by car manufacturers is well known and consists of open systems, making the programming and networking standard. Therefore, not only do we see how low the barriers of protection are for hacking into an automobile, but the threat landscape is quite hospitable for attackers. Once you add motive, such as retaliation, this may provide a whole new category for destructive delivery devices.
Source: Help Net Security