Automotive and Vehicle Security – Part 1

modern-cars-are-vulnerable

Modern cars are not as secure as car manufacturers will have you believe.

Cars have come a long way from being just vehicles to take you from once place to another.

Just like all other types of vehicles, cars too have evolved thanks to many new technologies.

These new technologies have allowed cars to have an increased number of valuable features.

As a result of these features, cars today are way safer to drive than before.

That isn’t to say cars aren’t better at performance though.

Indeed modern cars can travel a lot more distance per gallon of fuel than ever before.

But the technologies we want to focus on here are more close to electronic systems.

Electronic systems that have connected cars with each other and with their manufacturers.

Present-day electronic systems have added features to cars that were not thought possible half a century ago.

We’re talking about features such as GPS-aided navigation systems along with other, less-needed features, such as infotainment.

Let’s not forget about the absolutely crucial safety tools that monitor each car all the time in order to maximize driver safety.

The Problem With “New” Cars

Whenever a technology proliferates, problems arise.

And these new technologies have definitely raised concerns about driver safety.

Probably not in the way the average person would imagine though.

The drive safety issues we want to focus on here are the ones related to hackers and other cyber criminals.

Because more and more carts are connected to the internet, hackers can use this fact to access and control these new cars.

They can, potentially, compromise the essential features of these cars.

Some malware can steal information about the drive (such as driving habits) using the onboard car storage device or other monitoring sensors and then use that information for marketing purposes.

That is bad not only because it exposes personal information but because drivers have little to no idea that it is possible at all.

In fact, some manufacturing companies have covertly started to collect data on the people who drive their cars.

And then sell that data to insurance companies all without the consent of the driver.

ED Markey conducted a survey recently and found out some surprising facts.

Whether we can call them “facts” probably depends on which side of the argument you’re on but let’s roll with it for a second.

The survey looked at the standard practices of top automotive manufacturing companies with regards to security and privacy of the drivers.

Moreover, it also looked at the near ubiquitous use of technology and how it was integrated into new cars.

The survey also looked at concepts such as data collection and other management practices.

Essentially, the survey wanted to look at the different security measures and how they protected drivers against malicious use of the collected data and installed technologies in new cars.

Here are the key findings,

Eight Key Findings

modern-cars-security-systems-have-to-be-enhanced

Modern cars do have their own set of problems.

All Cars Are “New”

The survey found out that almost one hundred percent of the cars that were available in the market had wireless technologies installed in them.

While that’s great on the outside, the problem that arises with that fact is all of these cars were now exposed to online vulnerabilities.

These cars were prone to hacking and other privacy intrusion techniques as well.

Car Manufacturers Know Nothing

The survey looked at top automotive manufacturers for the study.

Surprisingly, most of them looked completely unaware of “hacking” problems in their cars.

Or maybe they just didn’t bother to report and work on hacking “events” of the past.

The “Security” Of New Cars Is Flawed

There is no doubt about the fact that all new cars should have security measures.

And to be fair, these “new” cars from top automotive manufacturers did have security features.

The problem the survey found out was that this:

These so-called security measures were inconsistent.

They were also installed in these cars in a haphazard manner.

And hence these cars were still susceptible to remote access hacking via the vehicle’s electronics.

Not to mention that most of the manufacturers were found to be simply not aware of new cybersecurity practices along with modern approaches to protect these “connected” cars.

Car Manufacturers Have Not Put In The Work To Protect New Cars

A total of two car manufacturers properly described their car’s capabilities to first diagnose and then respond to a real-time infiltration.

In fact, most of the car manufacturers said they didn’t have the required technologies to counter hackers.

So how can a car be safe when it doesn’t have the measures to counter remote hacking attempts?

Top Car Manufacturers Do Keep An Eye On You

They keep more than an eye if we’re being honest.

The survey said that automobile manufacturers collected a huge amount of data on drivers.

They also recorded a driver’s driving history along with other car performance indicators.

Car Manufacturers Give Your Data To Other People As Well

The majority of the car manufacturers did two things very efficiently (from their perspective):

First, they collected driver data

And then they transmitted the data wirelessly to “data centers”.

The manufacturers also sent driving history data to third-party data centers.

Most of the car manufacturers did not sufficiently describe any effective means to ensure that the transmitted data was safe.

There Are No Standard Rules On How Car Manufacturers Collect Your Data

By now you should know that car manufacturers don’t just collect personal data.

They use this “personal data” in a lot of other ways that are rarely advertised.

The survey found out that car manufacturers in the name of “improve customer experience”, used personal data in sketchy ways.

Sometimes, they passed the data to third-party companies.

Moreover, the data retention policies of car manufacturers were all over the place.

There were to standards on how long a car manufacturer could store the collected driver data.

Car Manufacturers Don’t Tell Drivers About Data Collection

At least not explicitly.

In other words, customers usually don’t know what car manufacturers are collecting their data.

And even when customers become aware of the data collection they can’t really opt out.

Why?

Because then they are forced to disable key features.

What key features?

Key features such as navigation.

Of course, that is unfair.

New Car Functions And Features

iot-technology-will-be-big-in-modern-cars

Securing all internal systems of these modern cars will be a huge challenge.

As mentioned before, the cars of today are nothing like the cars of the past.

In fact, most modern cars (and light trucks) have over fifty ECUs (Electronic Control Units) installed on them.

All of these are connected through, what they call, a CAN (Controller Area Network).

Sometimes these ECUs are connected via another network known as Local Interconnect Network or even FlexRay.

Most of the car’s functions including safety measures and privacy protection rely on the proper functioning of these tiny computer chips.

The ability of these computer chips to communicate with each other also plays a vital role in a car’s overall functionality.

These chips also record driving data.

After the collection, they can also analyze and hence improve a car’s performance.

And perhaps this isn’t such a bad thing.

After all, it is only due to these on-board navigation technologies that drivers and cars can communicate so effectively.

The ability of these computer chips to integrate car-based technologies with mobile devices is also very important.

In fact, we think that these chips have fundamentally changed the way man and machine communicate while the machine continues its “day” job.

Of course, all this new technology comes at a cost.

And that cost is the collection of more and more driving data.

Car manufacturers ostensibly use this driving data to enhance customer experience and better customize their services.

The problem with that, of course, is the data can end up in the wrong hands.

And hackers can do some pretty malicious things with information as crucial as driving data.

New Cars Are Vulnerable To Hackers

The problem with integrated wireless technologies is that they give rise to vulnerable spots.

Hackers can create vectors to attack these vulnerable areas.

All of this means that user privacy is under constant threat.

Hackers can also use these wireless technologies to alter the behavior of a car while it is moving.

As you can probably imagine, that could be critically dangerous.

Car manufacturers can’t ignore these “weak spots” because hackers can hurt both the customer privacy and the car’s security.

Time for some examples.

Two of them actually.

Example 1

DARPA (Defense Advanced Research Projects Agency) funded a study in 2013 which truly showed how vulnerable these “connected” cars were.

The two researchers who carried out the study were able to connect a laptop to two of these modern cars.

More specifically, modern cars’ computer systems.

And they used a simple cable to connect to the cars.

With the connection established, the researchers send commands to the two ECUs on these modern cars.

They used the CAN systems to connect to the ECUs.

With access to the two ECUs, the researchers not only controlled the cars’ engines but also their brakes and steering.

Researchers were also able to access some other critical car components.

Perhaps we should also mention that both cars were from different manufacturers.

The researchers did their initial tests with a simple laptop.

With the laptop, they successfully accelerated, turned and then braked the cars.

Researchers were also able to kill the brakes and turn on the horn.

They also displayed that they could control the car’s headlights and alter the speedometer as well as the gas readings.

Example 2

The same researchers carried out more tests a year later in 2014.

This time they studied the “hackability” of twenty-one of these modern cars.

The 21 modern cars belonged to ten different manufacturers.

These researchers then categorized these cars according to their level of security.

Researchers measured each car against wireless entry points along with control points and different systems within which both of these could be undermined.

There Are Multiple Areas Of Concern

As indicated before, more and more cars are using modern navigation technologies.

These technologies provide a way to record the location of the car and the driving history of the driver.

Now, a bunch of services have popped up that can collect even more user data.

More data means that companies can extract more valuable information from it.

These companies can use the data to improve the car’s performance.

But they can also sell the data to other commercial entities or to law enforcement agencies.

How did anyone find out about this?

Well, there are many cases but the one we want to focus on is the one that involves Tesla.

 

Tesla Example

Just for clarity’s sake, those “top car manufacturers” does include Tesla.

Privacy advocates went nuts when Tesla disapproved a report’s unfavorable review of their car with their collected data.

The story went like this.

Tesla Motors wanted a reporter to test-drive one of their cars.

But the company didn’t disclose that they were collecting data related to,

  • The driver’s location
  • Use of energy
  • The car’s speed
  • Temperature
  • Other Control settings

When the reporter didn’t give Tesla’s car the review the company wanted, Tesla struck back with that “collected data”.

Everybody Wants To Use Technology In Cars Including Car Sellers

modern-cars-can-be-hacked

More technology doesn’t automatically mean more usefulness.

Now we know that even car dealers and navigation system providers love wireless technologies in cars.

And why shouldn’t they?

Especially when they can track cars and disable them via “remote disabling” when the driver of the car fails to pay the car payments.

Of course, on the flip side, if thieves snatch any one of their cars, these car dealers can simply disable that car.

But here is the problem.

What if a car dealer disables a person’s car when they are in an emergency situation?

Or what if, as a result of the disabling, the driver of the car is stranded in a remote and unsafe area?

Regardless, car technologies will continue to move forward.

And perhaps they should.

Besides, can we really afford to ignore the new vehicle to vehicle technologies that are emerging so rapidly?

By now, they have actually reached a stage where they can be considered to be a workable tool for exchanging activity driver safety via techniques such as collision avoidance.

Of course, the main hurdle in the technology’s development is a lack of resilient corresponding security system.

There is little doubt that more and more vehicles will get integrated with better wireless technologies.

All of these developments open new doors for hackers and cyber criminals.

Why?

Because they will have more backdoors to unlock and more targets to inject a malicious code into.

A driver’s fundamental right to his/her privacy will definitely get compromised by these type of hackers.

Hence, it is even more important that these threats are dealt with.

And the only way to do that is to develop and then demonstrate working car security policies.

The right policies and technologies will be able to ensure the driver’s safety and privacy.

 

The Age Of Internet Of Things Is Coming And Hence, More Thorough Integration Is Required

As we pointed out before, more vehicles are now connected to the internet than ever before.

Perhaps it is even essential that they continue to do so.

This has added a separate, but potentially huge, slice into the already big Internet of Things pie.

What do we mean by the term Internet of Things?

Basically, this term is for defining systems that totally depend on the internet.

In other words, in these systems, the internet interacts with the real world through the ever-present sensors.

Of course, if we’re talking about vision, then Internet of Things is certainly heading towards a system of computers, sensors, and devices that is completely automated.

Moreover, that future system will process its own data and will not primarily rely on the user for inputs.

And since no user input is required, that “system” will be able to have a unique view of the things which will be taking place at any given location and time.

Internet of Things will change the world.

And perhaps for the better.

The world will be this one big place of mammoth-sized connect systems.

This could reduce a lot of waste and will lower costs drastically.

It might actually get rid of all the losses that occur in any given machine – human activity.

 

Modern Vehicles And Their Complexity

All modern vehicles require a lot of technologies to come together and integrate in a comprehensive manner.

Think about the systems each modern car has to make sure are in working order.

You have the safety issues and then there are reliability actors and let’s not forget the connectivity and entertainment requirements on part of the drivers.

There are many other examples but we’ll leave those for now.

To put it another way, a modern car has a lot of requirements.

But the IoT technology is advancing pretty rapidly as well.

As a result, there are several technologies available today which can provide the horsepower needed for an in-vehicle Internet of Things strategy as far as security is concerned.

The digital platforms of today can operate on a whole range of devices.

It doesn’t matter if the device is mobile and has an embedded system that is limited in terms of memory and CPU.

You could even have a powerful server that has a lot of processing power and memory capacity.

Digital platforms work with everything.

And hence these same platforms can provide the necessary environment in terms of computer resources that can enable ubiquitous connectivity.

In this respect, different APIs and other application platforms can definitely transform modern devices.

We’re talking about devices that can talk to each other.

Devices that can communicate with the user and the real world.

These type of devices will achieve that via sensors and advanced controllers.

Moreover, these devices will be able to collect vast amounts of knowledge and will eventually develop an understanding of their environment.

All of that will happen in real-time.

Conclusion

Vehicles that are fully connected will be very valuable.

And not because it will have an expensive internet system.

But because of the information it could contain.

And hence the issue of security should be taken even more seriously.

The true value of modern vehicles will be the connections they will enable with other devices.

Technologies such as Internet of Things and autonomous controls built right into a vehicle’s components will provide a lot of value.

In order to tap this value, engineers and designers will have their work cut out.

Vehicles of the sort described above will require very secure integration with external systems.

In order to function properly, these vehicles will demand flawless connectivity.

And hence, the real challenge will be to build a new platform that will offer those long-lasting and durable connectivity options.

And these options will have to be provided in a secure and seamless manner.

 

Leave a Reply