If the future of the auto industry is connected cars then making them resilient against hacking needs to be a major focus of cybersecurity firms. However, it doesn’t look promising so far with organizations taking action after problems are exposed by hackers.
This often happens in IT cybersecurity as well with firms often patching software and devices after a vulnerability or exploit is discovered.
Why is Cybersecurity Needed For Cars?
As cars get more technologically advanced each year, cybersecurity for cars is the need of the hour.
There is ample evidence for this based on incidents that occurred this year alone with a widely used “telematics system” that was left exposed after hackers found hard-coded credentials.
In another case, hackers found a way to mass activate immobilizers of connected cars, letting them turn off a large number of cars at any time. In other news, a software engineer discovered a bug that could let hackers start vehicles remotely. This feature alone can be dangerous as it recently led to a person’s death.
Why Do We Need a Different Type of Cybersecurity?
Car companies reacted speedily to these hacks but just like the IT industry, they responded after the issues were found and this is alarming. For the IT industry, a glitch or a hack in some cases will cost time and money for companies to fix and may not lead to a major problem. The opposite is true for the auto industry, they need to fix the exploits or problems as soon as possible otherwise it may lead to fatalities.
At present, a majority of cars aren’t connected nor are they self-driving. However, in the next twenty years, more than 25% of cars will be autonomous and even if they aren’t self-driving, they will be connected via the internet. If this is the future, then the industry has an obligation to protect these cars from cyberattacks.
A study by Georgia Tech mentions a scenario in which hackers use “gridlockware” to stop vehicles until they pay a ransom. According to the study,
Hackers could not only wreck the occasional vehicle but possibly compound attacks to gridlock whole cities by stalling out a limited percentage of cars.
Imagine if the hackers don’t even stop all the cars, just a portion of them. Even the mere threat of an action like that could lead to road rage coupled with economic losses that could force the state to give in to the ransom demand.
There is some hope as the industry has started to take the issue seriously with GM introducing a new electronic vehicle feature that will have countermeasures for hacks and cybersecurity “baked in from the start.”
The technology will send authentication messages between various vehicle components to validate that the instructions being sent or received are from a certified server. The company is also using pen-testers and white-hat hackers to probe for susceptibilities in its network.
Japanese car giant Toyota has come up with a different approach to cybersecurity as it is following the same tools as hackers. It has devised PASTA (Portable Automotive Security Testbed with Adaptability), a platform that allows everyone, even car owners, to probe the ECUs of connected cars and search for weaknesses.
We have to wait and see if the measures that the carmakers are taking will be enough but one thing is clear, companies can find issues before hackers do and preventing hackers from taking advantage of these issues has to be their main priority.