Highway hacking poses huge threat
Business DriverPublished July 4, 2014
Business DriverPublished July 4, 2014
I recently had a nasty brush with an online virus, which paralyzed my laptop for a few hours before I managed to find a way to disarm the threat.
The whole thing left me frantic — and I was just checking my email from the comfort of my home.
Now imagine that happening to your car while you are cruising down the 401 at 100 km/h.
A non-responsive steering wheel. Or stalled brakes. Or a less dangerous but far more annoying blaring horn?
As paranoid as it may sound, connected cars could make that a reality. After all, “tablets on wheels” are not that much different from actual tablets.
The likes of Apple and Google are constantly vying for control of your dashboard, trying to turn it into another platform for all things online. The latter recently launched its in-vehicle operating system called Android Auto, while the former introduced its CarPlay this year.
Similarly, more and more automakers are bringing the Internet to the car through tie-ins with various service providers.
But Android — probably because of its open-source DNA — is particularly vulnerable to online attacks from viruses and hackers.
Reports show that malware-laden apps on the Google Store have rapidly increased — actually quadrupled, by at least one measure — in the past couple of years.
With attempts to directly port these apps to a vehicle’s infotainment system, the risk of external threats is bound to increase, according to security experts.
One report making the rounds of tech blogs following a recent online security conference in Singapore, found that it may be pretty simple for hackers to do some mischief on the road.
Ernst & Young security expert Nitesh Dhanjani found that someone could easily unlock a Tesla by hacking the password on a remote access app offered by the EV maker. He also claims that Tesla cars are vulnerable to third-party apps.
Of course, the potential damage demonstrated by Dhanjani seems fairly tame. But connectivity and electronic content in vehicles is on the rise. More than 50 per cent of vehicles in North America will have some form of connectivity by 2020, according to Frost & Sullivan data.
More importantly, the matrix of complex sensors and communication systems will be far more embedded in these vehicles, and control more important functions.
Many of these internal electronic systems were built to work within a closed system. Now, they are being turned outward to boost functionalities such as telematics access and remote diagnostics.
Data released this year by the Center for Automotive Research in Ann Arbor, Mich., revealed that today’s average car contains 60 microprocessors and nearly 18 million lines of software code (and that doesn’t take into account the millions of lines of code required by the slew of new operating systems invading modern vehicles.
The topic of vehicle security, particularly that of illegal access through wireless systems, has been gaining serious traction after a 2010 research study by University of Washington and University of California (San Diego) scientists that clearly demonstrated the remote vulnerabilities of today’s vehicles.
So far, automakers seem confident they can tackle any threats.
Right around the time Tesla’s vulnerabilities were revealed, the company hired a woman named Kristin Paget. Tesla has never revealed her true role in the organization, but insiders know that she is a hacker who has worked with the likes of Apple and Google to help build better armour.
Similarly, infotainment companies such as Harman and world-leading suppliers such as Continental are partnering with online giants such as IBM and Cisco to tackle security issues. In fact, Continental has gone as far as to reveal that it is holding back on many functionalities of systems it supplies to automakers, in order to first ensure they are hacker-proof.
There have been no reported instances of car hacking, but lawmakers are already getting busy south of the border.
Future automated cars could be potentially devastating targets of hacking.
The National Highway Traffic Safety Administration launched a research study aimed to better understand cyber-threats on autonomous vehicles.
The findings are expected to be used for drafting future guidelines and legislation.
Kumar Saha is a Toronto-based automotive analyst with the global research firm Frost & Sullivan. firstname.lastname@example.org
Register now to access all features including:
All for free!
Welcome to Wheels!
As a final step we've sent a confirmation to your email address as a security measure. Please click the link in the email to complete your registration.
DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY
TO THE FULLEST EXTENT PERMITTED BY LAW, TORONTO STAR IS PROVIDING THE TORONTO STAR WEBSITES ON AN "AS IS" AND "AS AVAILABLE" BASIS AND MAKES NO WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, IN ANY CONNECTION WITH THE TORONTO STAR WEBSITES, THEIR CONTENTS, OR ANY WEB SITE OR CONTENTS WITH WHICH IT IS LINKED. TORONTO STAR DOES NOT WARRANT THAT THE FUNCTION OF THE TORONTO STAR WEBSITES OR THEIR CONTENTS WILL BE UNINTERRUPTED OR ERROR FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE TORONTO STAR WEBSITES OR THE SERVERS THAT MAKE IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
TO THE FULLEST EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, SHALL TORONTO STAR BE LIABLE FOR ANY LOSS OF USE, LOSS OF DATA, LOSS OF INCOME OR PROFIT, LOSS OF OR DAMAGE TO PROPERTY, OR FOR ANY DAMAGES OF ANY KIND OR CHARACTER (INCLUDING WITHOUT LIMITATION ANY COMPENSATORY, INCIDENTAL, DIRECT, INDIRECT, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES), EVEN IF TORONTO STAR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE TORONTO STAR WEBSITES, THEIR CONTENTS, OR ANY WEBSITE OR CONTENTS WITH WHICH IT IS LINKED. IN NO EVENT SHALL TORONTO STAR'S TOTAL LIABILITY FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE), OR OTHERWISE, EXCEED THE AMOUNT PAID BY YOU FOR ACCESSING THIS SITE.X