A major strategy
for car-makers to protect vehicles from cyber hijacking is to reduce the
number of communications gateways to crucial systems.
San Francisco — WikiLeaks documents showing the CIA
considered a "mission" against connected car technology underscores
auto-bindustry concern that the science behind the next generation of
vehicles could be turned against them.
Cyber security is considered key to the roll-out of tomorrow’s self-driving and today’s connected cars, which resemble computers on wheels with a host of communications routes that hackers could target.
If consumers are to trust smart vehicles, they must deem them safe from attack. Security experts cite the terrifying hypothetical example of a remote attack on a fully autonomous vehicle with no steering wheel or brakes, in which the passenger would have no recourse to regain manual control of the car. "You have a lot of car companies trying to design cars to be better suited to automation, which means they’re more attractive to hackers," said auto consultant Roger Lanctot of Strategy Analytics.
Cyber security is considered key to the roll-out of tomorrow’s self-driving and today’s connected cars, which resemble computers on wheels with a host of communications routes that hackers could target.
If consumers are to trust smart vehicles, they must deem them safe from attack. Security experts cite the terrifying hypothetical example of a remote attack on a fully autonomous vehicle with no steering wheel or brakes, in which the passenger would have no recourse to regain manual control of the car. "You have a lot of car companies trying to design cars to be better suited to automation, which means they’re more attractive to hackers," said auto consultant Roger Lanctot of Strategy Analytics.
A major strategy for auto-makers is to reduce the number
of communications gateways to crucial systems and to require services
offered by third parties to go through a single secure path. WikiLeaks
documents show the CIA citing "vehicle systems" and a car operating
system from QNX, owned by Blackberry, as "potential mission areas" for
the CIA’s "embedded devices branch" to consider.
The QNX operating system, which is used by most global auto-makers, provides a "a comprehensive, multi-level, policy-driven security model ... to mitigate attacks," the company said in a statement to Reuters. But given the collection of software, hardware and network components that make up a connected car, "security is only as strong as its weakest link," it said.
While the CIA’s interest in cars brought widespread attention, the industry has already received wake-up calls about cars’ potential to be hacked.
In 2015, researchers used a wireless connection to turn off a Jeep Cherokee’s engine, prompting a recall of 1.4-million vehicles by Fiat Chrysler Automobiles. In September last year, Chinese cyber security researchers hacked a Tesla Model S sedan, remotely tapping the brakes and popping the trunk. The electric car-maker subsequently patched the bugs using an over-the-air fix. Tesla did not respond to a request for comment on its cyber-security protocol.
The QNX operating system, which is used by most global auto-makers, provides a "a comprehensive, multi-level, policy-driven security model ... to mitigate attacks," the company said in a statement to Reuters. But given the collection of software, hardware and network components that make up a connected car, "security is only as strong as its weakest link," it said.
While the CIA’s interest in cars brought widespread attention, the industry has already received wake-up calls about cars’ potential to be hacked.
In 2015, researchers used a wireless connection to turn off a Jeep Cherokee’s engine, prompting a recall of 1.4-million vehicles by Fiat Chrysler Automobiles. In September last year, Chinese cyber security researchers hacked a Tesla Model S sedan, remotely tapping the brakes and popping the trunk. The electric car-maker subsequently patched the bugs using an over-the-air fix. Tesla did not respond to a request for comment on its cyber-security protocol.
The hacking of the Jeep and the Tesla "brought it home to
the industry that even if it’s improbable, it’s technically possible",
said Mark Wakefield, global co-head of the automotive practice at
AlixPartners. If a car was seen as vulnerable, it "could be a big brand
problem", he said. Hacks could also expose private information shared
between car and third parties — credit card numbers, account numbers or
passwords — to theft.
A January survey by the University of Michigan’s Transportation Research Institute found that 33% of respondents said they were "extremely concerned" over hacking of full self-driving cars to cause crashes.
A January survey by the University of Michigan’s Transportation Research Institute found that 33% of respondents said they were "extremely concerned" over hacking of full self-driving cars to cause crashes.
Closing down the ways in
The number of ways into cars has proliferated, from cellphone signals to dongles. One such gateway is the standard OBD-II port found under the steering wheel historically used for onboard diagnostics. Today, hundreds of after-market devices use the port, whether to monitor driving for insurance needs or provide conveniences, such as safety alerts.The first step the industry is tackling is intrusion detection, said Lanctot. But what to do when a breach is detected is complicated, because shutting off parts of a car could be unsafe, he said.
Tesla was first to champion "over-the-air" technology in which wireless software updates are sent remotely to cars. Although some have argued such updates are a way in for hackers, Tesla and others see them a key protection to upgrade security and repair vulnerabilities quickly.
In January, US law-makers introduced a bill calling for cyber-security standards for new cars, but so far US regulators have issued recommendations, not rules, on how car-makers should shield their computer systems from hackers.
The industry is "years away" from solving the cyber-security problem, Lanctot said, noting that the first generation of cars built after the Jeep hack that include some kind of detection capabilities will not be seen until early in 2018.
Reuters
No comments:
Post a Comment