As leading car manufacturers continue to increase the amount of ‘connected’ facilities in the newer car systems, cyber experts have warned them that these facilities are far behind in the field of security and have got large catching up to do.
As technology advances, more and more tech-savvy car features are being introduced all major automobile productions. However, these ‘connected’ car systems can have their own drawbacks resulting due to inefficient software development which is used in these systems.
Although physical security and comfort of a passenger are at the peak and expertise in these areas has been developed to great levels, the cyber security of these systems is still a huge issue, as they have not been fully researched and developed.
A study was recently conducted by the International Data Corporation (IDC) and a leading cyber security firm Veracode, who conducted research and interviews with executives of leading automobile companies like Fiat-Chrysler, Seat and Scania.
In a joint investigative report that was released afterwards, they addressed the issue of cyber security and expressed their concerns about the lack thereof. With the world teeming with hackers and cyber criminals, this could be a huge issue with the connected systems.
“While automotive manufacturers are well aware of the issues relating to physical security for the connected car and liability thereof, the cyber security issues are less understood,” the report warned. “This is new technology and the strategies for addressing these issues are still being formulated.”
As systems are being developed in cars that can by themselves navigate, park, communicate and change routes dynamically, leaving loopholes in software which control these parameters can result in severe damages. Car makers are slowly beginning to realise this as incidents of such attacks surface regularly.
In one recent example, hackers were able to take control of a car of the ‘Leaf’ series of Nissan, which is connected using the NissanConnectEV app. The hackers took control of the app which in turn gave them control of the car. Subsequently, Nissan had to discontinue the app service.
In another incident where Fiat-Chrysler was forced to recall over a 1.4 million vehicles in the U.S, two security researchers were able to hack into the ‘connected’ dashboard of a Jeep Cherokee and took control of a range of functions including door locks, steering, transmission, air conditioning, and brakes.
Such incidents are imminent, beliefs Chris Wysopal, who is chief technology officer at Veracode, as the control of cars is exposed to the internet.
Wysopal clarified further, expressing how much further work is needed in this sector:
“Building a secure application development programme is a significant challenge for manufacturers, which is compounded by the need to do so under the microscope of government regulated safety standards and liability concerns. What we’re seeing happen in the auto industry is a microcosm of what’s happening in financial services, healthcare and virtually every other sector – applications are not created with security in mind, creating a major area of risk”.
However, the report argues that technology will not die, and it is the duty of automobile manufacturers to adapt to the standards of better cybersecurity as well as government regulations.