Car hacking – could it actually happen? Why security is the next frontier for vehicle manufacturers
C ar hacking and connected vehicle security is poised to become one of the most talked-about (and worried-about) issues in the industry for three main reasons.
The very first is that it’s a genuinely yam-sized risk and represents a entire fresh frontier in vehicle security. While most people – both the industry and its customers – are still largely preoccupied with good old-fashioned smash-and-grab theft, criminals are increasingly sophisticated and will develop fresh technologies as technology permits it.
The 2nd is that the media is weirdly paranoid about things like this. We tend to get a bit panicky whenever tech-related crime gets brought up, overusing words like “hacking” and “cyber” without any real take hold of of what they mean.
And the third is that car hacking is a big part of the fresh Quick and the Furious film, The Fate of the Furious. This franchise is not renowned for its straightforward relationship with reality – think “danger to manifold!” and quarter-mile haul races that take ninety seconds – but the fresh film will be enough to prompt a glut of pontificating what-if articles, including this one.
As always, the reality is a lot less spectacular and most likely a bit more depressing than the lurid portrayal of car hacking as found in The Fate of the Furious and elsewhere. But it’s a real risk and, depending on your interpretation of the key words “hacking” and “cyber”, might already be happening.
Picture this
It’s a sunny April morning in two thousand twenty but, as you begin your car for the morning commute, something is wrong. The 20in touchscreen is dead. All of a sudden it flickers into life but instead of the usual map there’s a message: “Your car’s computer has been locked. We control your data, brakes and steering. To unlock your computer you’re obliged to pay a fine of $200.”
Y ou’re not alone. As one of 8.6 million connected cars in the UK (up from a mere 1.8 million in 2016) that are capable of vital wireless internet updates and diagnosis – and now devastating malware – you are one of many getting their very first taste of auto ransomware.
“It might sound like fantasy but this could happen,” says Alex Moiseev, managing director of the European arm of software security specialist Kaspersky Lab, as he sits in his hi-tech Paddington office. “It happens with desk computers now. It’s just a question of time before the bad guys budge into your car, too.”
The F1 connection
Moiseev should know. Kaspersky is contracted by Ferrari F1 which, at each race, relies on hundreds of sensors to provide thousands of data points in real-time – monitoring tyre pressure, fuel burn efficiency, brake force and so on – that are wired to laptops scrutinised by race engineers. It’s Moiseev’s job to ensure not a single kilobyte of top-secret data is infiltrated.
F or while F1 connectivity gives engineers a competitive edge, the introduction of so much wireless data has created a minefield, too, potentially jeopardising production-line security, the company’s internet provider and even the driver’s safety.
On a race weekend alone, says Moiseev, there’s a notable increase in malware traffic, so protecting systems and data has never been more significant, especially as, in common with other manufacturers, today’s race car wizardry is tomorrow’s road-car driver safety aid.
T he shocking ease with which a car’s computers can be hijacked was graphically illustrated last year when US hackers remotely took control of a Chrysler Jeep’s core functions – including brakes, wipers steering and transmission – during a dramatic filmed stunt.
I t’s the very script that rival software security rock-hard SQS is now hired by leading motor manufacturers to prevent. To date, says Stephen Morrow, its head of security services, cybercrime has resulted largely in legal exposure and asset theft for firms such as online shopping giant Home Depot and Sony Pictures Entertainment, which suffered major hacks last year. Soon, he predicts, attacks will stir into the automotive arena, with potentially catastrophic results.
“Nobody is getting hurt yet, but as we commence putting software in cars that are connected by internet, we are getting to the point where computer security intersects with public safety and human life. This is where things get much more serious,” he says. “Recent stunt hacks demonstrate that these vulnerabilities affect safety. Manufacturers need to get on top of things and take security much more earnestly.”
M oiseev says the global motor industry got off to a very slow begin. “It did not take cybercrime gravely enough – until recently,” he says. “For years automotive firms bought open-source software to run the 40-60 computers now controlling functions in the average car. Who vetted the people who wrote the codes? What bugs already lie dormant in our vehicles, waiting to be manipulated?”
The fightback
Fortunately for motorists, the fightback has begun. Moiseev painstakingly created a Ferrari race simulator finish with pitwall at Paddington which, when driven, is searingly lifelike. Technicians use it to attack-test Ferrari’s telematics, seeking – and remedying – powerless points to keep race and road cars safe. He says such procedures are now becoming commonplace across the industry.
I n a closely guarded backroom – spurred by a monitor dramatically identifying real-time global cyber threats – technicians write fresh, bulletproof, codes for clients’ in-car computers.
A sked if it was doing enough to protect drivers’ safety, the Society of Motor Manufacturers and Traders (SMMT) told us: “Vehicle manufacturers are investing billions of pounds to make cars safer and more intelligent. Data security is paramount to the automotive industry. Manufacturers are always striving to stay one step ahead of organised criminals and permanently monitor for potential breaches so that customers’ information is kept safe.”
Last year the government weighed in, too, launching the Centre for Connected and Autonomous Vehicles which, this year, asked IT firms to bid for a £40,000 contract to investigate automotive cyber-attacks.
Auto cybercrime has also become a hot topic at top-level security conferences where leading experts, meeting in locations including Michigan, Detroit, San Francisco, Detroit and Shanghai in the past year, exchange intelligence.
But when will the industry’s luck run out?
T he SMMT says more than 1.Five million UK motorists per year now leave showrooms in cars featuring self-activating safety systems. More than half of fresh cars registered in two thousand fifteen had safety-enhancing collision warning systems, with other technologies such as adaptive cruise control, autonomous emergency braking and blind spot monitoring surging in popularity. All rely on computers.
Statistics portal Statista predicts UK connected car take-up will increase from 1.8 million for two thousand sixteen to almost 8.6 million by 2020. Worldwide, the number will rise to one hundred sixty million.
Carsten Maple, professor of cyber systems engineering at Warwick University, says: “Make no mistake, cyber security is a Tier One threat for the government, up there with terrorism and pandemics. Imagine if you had a major incident where all these autonomous vehicles stopped or crashed into each other. It’s possible.
“Let’s say I was a criminal. Would I say, ‘Give me £100 and I’ll unlock your car’ or, if there’s lots of data in your car, connected to your phone, with details of where you went and who you spoke to, would I blackmail you instead? Even however it has not happened yet, there is a concern it might.”
A ndrew Miller, chief technical officer at Thatcham Research, which conducts electronic risk assessments on every fresh car brought to the UK market, says: “We have connected vehicles now, many using a non-removable e-sim to connect, or wireless device, or your phone. It’s an amazingly elaborate area permitting one computer to speak to another, and delivering major benefits. It’s also an emerging risk – and with more connected vehicles, that risk will increase for motorists.
“When this risk will truly emerge is the moot point: no one indeed knows. But the chance to fight back is right now.”
For all the latest news, advice and reviews from Telegraph Cars, sign up to our weekly newsletter by injecting your email here
Car hacking – could it actually happen? Why security is the next frontier for vehicle manufacturers
Car hacking – could it actually happen? Why security is the next frontier for vehicle manufacturers
C ar hacking and connected vehicle security is poised to become one of the most talked-about (and worried-about) issues in the industry for three main reasons.
The very first is that it’s a genuinely ample risk and represents a entire fresh frontier in vehicle security. While most people – both the industry and its customers – are still largely preoccupied with good old-fashioned smash-and-grab theft, criminals are increasingly sophisticated and will develop fresh technologies as technology permits it.
The 2nd is that the media is weirdly paranoid about things like this. We tend to get a bit panicky whenever tech-related crime gets brought up, overusing words like “hacking” and “cyber” without any real take hold of of what they mean.
And the third is that car hacking is a big part of the fresh Quick and the Furious film, The Fate of the Furious. This franchise is not renowned for its straightforward relationship with reality – think “danger to manifold!” and quarter-mile haul races that take ninety seconds – but the fresh film will be enough to prompt a glut of pontificating what-if articles, including this one.
As always, the reality is a lot less spectacular and most likely a bit more depressing than the lurid portrayal of car hacking as found in The Fate of the Furious and elsewhere. But it’s a real risk and, depending on your interpretation of the key words “hacking” and “cyber”, might already be happening.
Picture this
It’s a sunny April morning in two thousand twenty but, as you embark your car for the morning commute, something is wrong. The 20in touchscreen is dead. All of a sudden it flickers into life but instead of the usual map there’s a message: “Your car’s computer has been locked. We control your data, brakes and steering. To unlock your computer you’re obliged to pay a fine of $200.”
Y ou’re not alone. As one of 8.6 million connected cars in the UK (up from a mere 1.8 million in 2016) that are capable of vital wireless internet updates and diagnosis – and now disruptive malware – you are one of many getting their very first taste of auto ransomware.
“It might sound like fantasy but this could happen,” says Alex Moiseev, managing director of the European arm of software security specialist Kaspersky Lab, as he sits in his hi-tech Paddington office. “It happens with desk computers now. It’s just a question of time before the bad guys stir into your car, too.”
The F1 connection
Moiseev should know. Kaspersky is contracted by Ferrari F1 which, at each race, relies on hundreds of sensors to provide thousands of data points in real-time – monitoring tyre pressure, fuel burn efficiency, brake force and so on – that are wired to laptops scrutinised by race engineers. It’s Moiseev’s job to ensure not a single kilobyte of top-secret data is infiltrated.
F or while F1 connectivity gives engineers a competitive edge, the introduction of so much wireless data has created a minefield, too, potentially jeopardising production-line security, the company’s internet provider and even the driver’s safety.
On a race weekend alone, says Moiseev, there’s a notable increase in malware traffic, so protecting systems and data has never been more significant, especially as, in common with other manufacturers, today’s race car wizardry is tomorrow’s road-car driver safety aid.
T he shocking ease with which a car’s computers can be hijacked was graphically illustrated last year when US hackers remotely took control of a Chrysler Jeep’s core functions – including brakes, wipers steering and transmission – during a dramatic filmed stunt.
I t’s the very script that rival software security hard SQS is now hired by leading motor manufacturers to prevent. To date, says Stephen Morrow, its head of security services, cybercrime has resulted largely in legal exposure and asset theft for firms such as online shopping giant Home Depot and Sony Pictures Entertainment, which suffered major hacks last year. Soon, he predicts, attacks will stir into the automotive arena, with potentially catastrophic results.
“Nobody is getting hurt yet, but as we embark putting software in cars that are connected by internet, we are getting to the point where computer security intersects with public safety and human life. This is where things get much more serious,” he says. “Recent stunt hacks demonstrate that these vulnerabilities affect safety. Manufacturers need to get on top of things and take security much more earnestly.”
M oiseev says the global motor industry got off to a very slow commence. “It did not take cybercrime gravely enough – until recently,” he says. “For years automotive firms bought open-source software to run the 40-60 computers now controlling functions in the average car. Who vetted the people who wrote the codes? What bugs already lie dormant in our vehicles, waiting to be manipulated?”
The fightback
Fortunately for motorists, the fightback has begun. Moiseev painstakingly created a Ferrari race simulator accomplish with pitwall at Paddington which, when driven, is searingly lifelike. Technicians use it to attack-test Ferrari’s telematics, seeking – and remedying – feeble points to keep race and road cars safe. He says such procedures are now becoming commonplace across the industry.
I n a closely guarded backroom – spurred by a monitor dramatically identifying real-time global cyber threats – technicians write fresh, bulletproof, codes for clients’ in-car computers.
A sked if it was doing enough to protect drivers’ safety, the Society of Motor Manufacturers and Traders (SMMT) told us: “Vehicle manufacturers are investing billions of pounds to make cars safer and more intelligent. Data security is paramount to the automotive industry. Manufacturers are always striving to stay one step ahead of organised criminals and permanently monitor for potential breaches so that customers’ information is kept safe.”
Last year the government weighed in, too, launching the Centre for Connected and Autonomous Vehicles which, this year, asked IT firms to bid for a £40,000 contract to investigate automotive cyber-attacks.
Auto cybercrime has also become a hot topic at top-level security conferences where leading experts, meeting in locations including Michigan, Detroit, San Francisco, Detroit and Shanghai in the past year, exchange intelligence.
But when will the industry’s luck run out?
T he SMMT says more than 1.Five million UK motorists per year now leave showrooms in cars featuring self-activating safety systems. More than half of fresh cars registered in two thousand fifteen had safety-enhancing collision warning systems, with other technologies such as adaptive cruise control, autonomous emergency braking and blind spot monitoring surging in popularity. All rely on computers.
Statistics portal Statista predicts UK connected car take-up will increase from 1.8 million for two thousand sixteen to almost 8.6 million by 2020. Worldwide, the number will rise to one hundred sixty million.
Carsten Maple, professor of cyber systems engineering at Warwick University, says: “Make no mistake, cyber security is a Tier One threat for the government, up there with terrorism and pandemics. Imagine if you had a major incident where all these autonomous vehicles stopped or crashed into each other. It’s possible.
“Let’s say I was a criminal. Would I say, ‘Give me £100 and I’ll unlock your car’ or, if there’s lots of data in your car, connected to your phone, with details of where you went and who you spoke to, would I blackmail you instead? Even however it has not happened yet, there is a concern it might.”
A ndrew Miller, chief technical officer at Thatcham Research, which conducts electronic risk assessments on every fresh car brought to the UK market, says: “We have connected vehicles now, many using a non-removable e-sim to connect, or wireless device, or your phone. It’s an amazingly sophisticated area permitting one computer to speak to another, and delivering major benefits. It’s also an emerging risk – and with more connected vehicles, that risk will increase for motorists.
“When this risk will truly emerge is the moot point: no one indeed knows. But the chance to fight back is right now.”
For all the latest news, advice and reviews from Telegraph Cars, sign up to our weekly newsletter by coming in your email here
No comments