Leading security experts at the Geneva International Motor Show claim manufacturers are not doing enough to protect their connected cars against malicious cyber-attacks.
Manufacturers are not doing enough to protect their connected cars against malicious cyber-attacks. That is the opinion of leading security experts at the Geneva International Motor Show.
Official UK data suggests that vehicle theft has risen by around 30% as criminals use new technology to break into cars. For example, “relay car hackers” use radio transmitters to intercept the signal from a car key, often gaining access to a vehicle in less than a minute.
Malware is another commonly used ploy. Falling victim can take no more than registering for a bogus free Wi-Fi service, which is all that is required to give criminals complete control of your car.
Car theft is far from the only threat, however. A recent report warns that terrorists could hack into connected and autonomous vehicles in order to crash them deliberately.
One of the most quoted statistics about connected cars is that together all the built-in software systems contain more than 100 million lines of code. That is twice as many lines of code as CERN’s Large Hadron Collider, the world’s most powerful particle accelerator, and seven times more than the Boeing 787 Dreamliner.
Chuck Brokish of Green Hills Software compares car security to the snapping turtles in his native Wisconsin. He claims that the amphibians combine powerful jaws with a shell so hard that cars can run over them without doing any damage.
Flip the turtles over, however, and their soft bellies make them extremely vulnerable, he says. Brokish likens this to the “medium robustness” security systems of connected cars, which offer protection against casual attacks but cannot cope with a targeted onslaught.
The experts say that connected cars should be fitted with security systems and mechanisms that provide the most stringent protection and rigorous security countermeasures. Usually, it is not the case.
“It’s like leaving your front door open,” says Manfred Kunz of Marvell, “and expecting someone in your living-room to protect your home.”
Analysts are urging more carmakers to take greater responsibility for cyber security. Unfortunately, many are only willing to do the minimum, as security can be expensive.
In the end it will come down to whether consumers are prepared to pay more to move beyond snapping turtle technology. There are signs that this may be the case.
A study published recently identifies consumer concerns about cybersecurity and safety as a significant barrier to continued growth in the connected car sector. Thirty-one per cent of respondents to Foley’s Connected Cars and Autonomous Vehicles Survey identified these concerns as the biggest obstacle to buying connected cars.
International Standards already provide manufacturers with the best practice guidelines they need to step up cyber security.
In this respect, a UNECE document on System Security Principles highlights the important role played by the IEC in providing the tools to protect connected and automated vehicles against cyber attacks. It lists no fewer than eleven ISO/IEC JTC 1 applicable standards and guidance documents.