Connected world raises automakers’ cyber-risk
There’s a reason experts keep their keys in metal cans.
Top cybersecurity experts would never hang car keys on a hook near the back door or leave them sitting on a kitchen counter. The best strategy to prevent theft? Store the key fob in an old-fashioned metal coffee can.
“Really, some cyber experts don’t go to sleep without putting their key into a metal container,” said Moshe Shlisel, a veteran of the Israeli Air Force and now CEO of GuardKnox Cyber Technologies. “It’s called a Faraday Cage. You block the electromagnetic field.”
Copying code from vehicle key fobs is easy. Tech thieves can do it from outside your home or a motel. Then they can steal a vehicle or just gain access without owners realizing they’ve been violated.
Cybersecurity companies, including the team at GuardKnox, are working with automakers globally to create protections that deter hackers who covet new cars and the data stored in them.
Within the past three months, GuardKnox has been granted three U.S. patents including a “Communication Lockdown Methodology” that prevents attackers from entering a vehicle’s ecosystem. The patent covers trucks, buses, ships, planes, drones and even spaceships. The methodology has been implemented in fighter jets and missile defense systems.
“Vulnerability is everywhere. The fob is a symptom,” Shlisel said in a phone interview from his office just south of Tel Aviv.
“You’re exposed to many attack vectors. Remember your computer 20 years ago? There weren’t firewalls. What happens if someone takes control of your car while you’re on the highway with two kids inside and you can’t do anything? You’re doomed. And that can be done today.”
This is not sci-fi. This is real life. This is the reality of a wireless, connected world where car doors lock with a click and a chirp, where children in the backseat stream videos, where back-up cameras make parking easy, where driver assist prevents accidents and companies can update software technology remotely.
“Connectivity introduces cyber-risk,” said Faye Francy, executive director of the nonprofit Automotive Information Sharing and Analysis Center, which specializes in cybersecurity strategies.
While auto industry engineers know a lot about traditional safety, quality, compliance and reliability challenges, cyber is an “adaptive adversary,” she said.
“It’s an ever-changing, emerging threat that requires diligence in every aspect of design through operations — it’s not a simple engineering fix,” Francy said. “And as we move into smart cities and autonomy, the interconnectedness provides greater efficiencies and safety but also introduces potential risk into the broader global ecosystem.”
Remember the heavy steel devices — some called them Kryptonite Clubs — that drivers attached to their steering wheels back in the 1980s and 1990s? Well, now industry must find this on their networks to protect against hackers.
“Today we’re in an interconnected society, from our computer to our phones to our cars to our homes. We need Kryptonite bars on the network,” Francy said. “Automakers are starting to implement security features in every stage of design and manufacturing. This includes the key fob. Cybersecurity diligence is the cost of doing business in the digital age today.”
In 2015, the Detroit Three and 11 other automakers formed the group that shares, tracks and analyzes potential cyber threats, vulnerabilities and incidents related to the connected vehicle in North America, Europe and Asia.
Shlisel, whose board of directors includes executives who served on the board at GM, said digital firewalls are essential. “If you don’t have a mechanism that can protect his communication from someone replicating them, then it’s a no-brainer.”
So while consumers love the convenience that connectivity offers and are willing to pay more for enhanced technology, connectivity has a price.