Group releases dire auto cyberattack warning
Warnings about connected vehicle vulnerabilities have been a steady drumbeat for years. Now, a consumer-advocacy group is putting it in starker terms, suggesting a mass cyberattack against such vehicles could lead to Sept. 11-level casualties.
California-based Consumer Watchdog has issued a 49-page report that paints a dire picture and urges automakers to install 50-cent “kill switches” to allow vehicles to be disconnected from the Internet. The report highlights numerous widely reported instances of remote vehicle hacking, such as a 2015 demonstration involving a Jeep Cherokee left crawling along a St. Louis-area freeway.
“Millions of cars on the internet running the same software means a single exploit can affect millions of vehicles simultaneously,” the group warned. “A hacker with only modest resources could launch a massive attack against our automotive infrastructure, potentially causing thousands of fatalities and disrupting our most critical form of transportation.”
The report highlights what it describes as the key security flaw in connected vehicles, noting that the potential vulnerability is growing because of the increasing number of such vehicles on the roads.
“Experts agree that connecting safetycritical components to the internet through a complex information and entertainment device is a security flaw. This design allows hackers to control a vehicle’s operations and take it over from across the internet,” the report said.
The report said various automakers — Tesla, Daimler, Ford, General Motors and BMW, for instance — have disclosed the cyber risks to their investors.
Gloria Bergquist, a spokeswoman for the Alliance of Automobile Manufacturers, an industry trade group, suggested the report could be an attentiongetting ploy, and she defended the industry’s cybersecurity efforts.
“It is not unusual to see groups seeking attention right before the August cybersecurity meetings in Vegas. But today, cybersecurity is a priority to every industry using computer systems, including automobiles. Automakers know their customers care about security, and automakers are taking many protective actions, including designing vehicles from the start with security features and adding cybersecurity measures to new and redesigned models,” Bergquist said, referencing an upcoming cybersecurity conference where vulnerabilities found in BMW models are scheduled to be discussed.