Cars - an Easy Target for Cyberattacks

Cars ceased to be physically independent from communications and networks at the end of the 20th century, and with the expansion of the possibilities of the so-called connected cars, the potential for cyberattacks has increased. Today, the problems associated with the development of information technologies are not addressed without taking this issue into consideration.

The Internet has changed the way we work with computers, as connection is now changing cars. When personal computers began to enter our lives, malicious software was a major problem for information security. A computer virus could lead to data loss and even damage the device. No one was thinking about data theft or misuse of technology. Communication channels were very slow, few could use the Internet or other networks. At the time, the worst thing that could happen was the need to purchase a new computer if the old one was damaged. But after the Internet became available to everyone and the cost of the equipment decreased, the situation changed. Viruses, of course, remain a problem, but we are now afraid not because we may have to buy a new computer. Our anxiety is mostly related to the theft of data, with the breakdown of the critical systems on which our lives depend.

The same happens today with cars. Until recently, the biggest fear of car owners was theft. As soon as cars got connected to the network, everything changed. Many additional threats have been detected, which are no less unpleasant.

What’s the worst that can happen in case of a cyberattack on a car? For the driver to lose their life, of course. In 2015, Chrysler withdrew from the market 1.4 million cars after hackers demonstrated before WIRED that they could control the system of Jeep remotely through the Internet. They managed to penetrate into the turning on/off of the air conditioning, the audio system, to turn off the brakes and even intervene in the driving of the car while being in motion. In 2016 and 2017, Tesla was attacked. Security experts from Keen Security Lab demonstrated an attack on the Tesla Model S. They managed to trigger the brakes, open the doors and take in the side mirrors, even though they were about 20 meters away from the cars.

Hacking a car can seriously damage the owner’s physical condition. So far, however, frightening hacker experiments have helped manufacturers and developers of connected systems to increase the level of safety of their products.

The second threat concerns data. In November 2017, Uber reported the data theft of 57 million users. Hackers stole the names, e-mail addresses and phone numbers of 50 million people who use the company’s service worldwide. They also stole information about 7 million drivers, including the numbers of 600,000 driving licenses in the United States. The history of trips and use of cars, personal and statistical data – everything can be subject to a hacker attack.

The car has long ago turned into an analogue of an office. In their cars, people have business talks through Bluetooth without taking their eyes off the road and lifting their hands off the wheel, discuss life plans, talk with their children. Are you ready to share this information with the world? Anyone who can connect to the car system, without performing a physical break in, can remotely access everything that’s going on inside. And the bigger the business, the worse the theft of such corporate and personal data would be. The car itself becomes less valuable than the information that can be “read’ from it. Thus, the physical theft of the vehicle against which the owner is probably insured is now nothing compared to all other potential evils.

Here comes the question of whether modern cars are protected from cyberattacks? Automotive cybersecurity experts claim that car technologies such as Wi-Fi, Bluetooth, autonomous control systems and telematics equipment are very vulnerable, and manufacturers and suppliers are not paying enough attention to preventing possible electronic attacks. The report, based on a survey among 593 IT specialists and engineers working in the car industry in the US, revealed a number of serious issues. These include:

* 62% of the IT professionals and engineers believe an attack on their company’s products is very likely to happen next year.

* 52% say they are aware of the potential harm to drivers or vehicles due to “unsafe vehicle technologies.”

* 62% indicate that their company does not have enough cybersecurity processes when developing products.

In the companies surveyed, only nine employees on average were working full-time on cyber security programs. And 30% of respondents say that in their company, there is neither a program nor a cybersecurity team. Which products are most likely to be hacked:

* RF systems, such as Wi-Fi and Bluetooth (most at risk according to 63% of the specialists).

* Telematic systems that record speed and location data (according to 60% of the respondents).

* Autonomous management systems (according to 58% of survey participants).

The report was prepared by Synopsys, California software developer, and SAE International (Society of Automotive Engineers), a US-based non-profit organization for scientific and technical research and standardization. The employees surveyed indicate that the most significant reasons for the vulnerability of the software are the lack of understanding of the problem by the management of the companies and the pressure on them to meet the development deadlines. About 69% of the respondents say they cannot express their concerns before the senior officers of their companies. And as the main reason, the authors of the report point out the “sophisticated and fragmented supply chain in the automotive industry”, because most suppliers do not have a credible cybersecurity team.