There are a lot of great benefits to a connected car like the new Toyota Highlander: increased integration, a more comfortable driving experience and personalized controls, just to name a few. However, with increased computing power comes increased risk that hackers could take control of a car remotely, causing it to speed up, turn off, or turn unexpectedly, leading to potentially dangerous situations. As the technology and popularity of connected cars grows, car manufacturers are working to combat the problem and prevent car hackings.
The U.S. National Highway Traffic Safety Administration recently released cybersecurity guidelines for connected cars and encouraged manufacturers to adopt the practices, but the guidelines aren’t actual regulations and don’t carry any weight. As a result, a number of manufacturers are taking matters into their own hands to protect their cars and drivers and to fight a problem that most drivers don’t even know could impact them.
In 2015, security researchers successfully breached a Jeep Cherokee and even turned off the car’s transmission while it was being driven. The car was in St. Louis, while one of the researchers was sitting on a couch in Pittsburgh, highlighting the scary possibility that hackers could remotely control cars from great distances. The event led Jeep’s parent company, Fiat Chrysler, to recall 1.4 million vehicles for the purpose of installing protective software against future breaches.
It also motivated other car manufacturers to take a harder look at their cybersecurity systems. Protecting connected cars is of vital importance as more car companies follow in Tesla’s footsteps and offer major vehicle upgrades through wireless data links, which the FBI has warned could be a target for cyber-criminals.
After the first successful test hacks, most manufacturers separated the systems controlling things like the entertainment system and the steering wheel, meaning that if hackers were somehow able to access one area of the car, they wouldn’t automatically have access to everything else. However, more advanced and integrated cars have made it difficult to keep the systems completely separate.
Tesla and BMW already have programs in place that instantly upgrade software to stay ahead of hackers, similar to what personal computer manufacturers run, and most other manufacturers have plans to implement similar programs.
But even with a concerted effort at connected car safety, there are still challenges. Many car materials are designed by third-party manufacturers, which means the auto company might not be completely aware of its cybersecurity vulnerabilities. Some aspects of the car are difficult to isolate from the parts of the system that make the car go and stop. After a car crash, for example, the doors are programmed to unlock automatically; to keep that important safety feature intact, the locks must be connected to the main engine of the car.
Some companies, such as Tesla and GM, have appointed cybersecurity officers to lead the charge to safeguard the systems. Companies with designated departments and employees to fight hackers seem to be having the most rapid success of protecting their cars. In 2015, many of the major auto manufacturers along with the federal government formed a group to collaborate about attack prevention and share their findings. The idea is to take a proactive approach to stay ahead of hackers, similar to what has been done in the aviation industry.
Many companies are also increasing their tests to see if hacking is possible. Companies contract with cybersecurity firms and universities to see if they can break through the system, which then tells the auto manufacturer where the holes are. Audi even offers rewards to firms that can find flaws in their system.
Yet, despite the industry’s best efforts, connected cars will never be completely safe from hacking. Like what’s been seen in other areas including personal computers and mobile devices, as companies find new ways to keep their systems safe, hackers find new ways to work through the glitches.