USA TODAY International Edition
SMART CARS ARE INHERENTLY HACKABLE
Connectivity brings risks but protection available
If your vehicle is like most new ones, it’s basically a 2-ton connected, mobile computer on wheels – which is great if you want to enjoy the latest technological innovations during your commute.
What’s not so great is that hackers can use that connectivity to access your private information, steal your car or even worse.
“The worst-case scenario is that they can completely take over and control anything in your car, from the brakes to the steering wheel,” said Asaf Ashkenazi, vice president of product strategy at Inside Secure, a software firm in San Jose, California. “The scariest scenario is that you’re driving and they make your car crash.”
These type of hacks aren’t just possible, they become even more likely as consumers continue to call for greater convenience in their daily driving companions. Convenience relies on connectivity and the more connectivity, the more gateways for hackers can crack into.
Perhaps the highest-profile car hacking occurred in 2015 when security researchers Charlie Miller and Chris Valasek hacked into a 2014 Jeep Cherokee and were able to control the steering wheel, disable the brakes and shut down the engine.
In 2018, a man in Australia hacked into the database of the car-sharing start-up GoGet and went on more than 30 free drives before being arrested. The FBI has even issued a warning to drivers about the threat of over-the-internet attacks on cars and trucks.
One of the reasons that connected cars aren’t secure is that the manufacturers aren’t as cybersecurity savvy as you’d like to think, according to new research.
Cybersecurity company, Synopsys, and automotive industry company, SAE International, surveyed 15,900 IT security practitioners and engineers in the automotive industry and found that 55 percent of them admit to making coding errors.
Sixty percent acknowledged that lack of understanding and training on secure coding practices leads to vulnerabilities in automotive software and 39 percent said product development tools have inherent bugs.
Sixty-two percent of those surveyed said a malicious attack against automotive technologies is likely or very likely to occur in the next 12 months.
Ashkenazi said that any software system built by humans is bound to have bugs and that virtually everything connected to the internet is hackable to some degree.
But what makes the auto industry particularly vulnerable is that its cybersecurity practices are not keeping pace with the ever-evolving security landscape, according to 88 percent of respondents in the joint Synopsys and SAE International study.
Automakers have become more conscious of the looming threats to car security in recent years. GM’s self-driving car division hired Miller and Valasek in 2017 after their infamous car hack went viral. And a number of firms like Inside Secure are working with the connected car market to help protect motorists.
Still, the million-dollar question remains: Is your car hackable? Probably, according to Ashkenazi. If you can unlock and start your car using an app, then a hacker just needs to gain access to that app and your vehicle can be compromised. However, hackers are likely more interested in making a profit by exposing a bug to car companies, Ashkenazi said.
There are steps you can take to protect yourself.
According to Consumer Reports, practicing basic cyber-hygiene reduce cybersecurity risks.
Use strong passwords on internetconnected devices, store key fobs in secure areas and reset in-vehicle entertainment systems to original factory settings if you rent out or sell your car.