As manufacturers pack cars and trucks with electronics and wireless connections, security experts are increasingly worried about the potential for hackers to take control of vehicles.
Already, hackers have demonstrated how they can take control of a Jeep Cherokee and drive it into a ditch.
Police in Houston are investigating a series of unsolved vehicle robberies that may be the work of hackers. A surveillance video captured one thief entering a Jeep and taking out a laptop. He then typed on the keyboard for several minutes, apparently starting the engine and driving off with the vehicle.
Incidents such as these have pushed the issue of automotive hacking to the forefront. It will take center stage Friday in Detroit at the Global Automotive Cybersecurity Summit. The participants include Transportation Secretary Anthony Foxx, National Highway Traffic Safety Administration chief Mark Rosekind and General Motors Chief Executive Mary Barra.
Cybersecurity “needs to be treated just like safety,” said Saar Dickman, chief executive and founder of Tower-Sec, the Tel Aviv-based cybersecurity firm and division of connected car electronics giant Harman International.
Dickman and other experts warn that risk grows as vehicle manufacturers pack more self-driving features into cars and trucks. Hackers, for example, could figure out how to take control of an autonomous vehicle and cause it to crash or drive to a location where occupants could be kidnapped or worse, they say
Terrorism using self-driving vehicles is another fear.
“We have concrete evidence they’re building cars that drive themselves,” Mikko Hypponen, chief research officer of cybersecurity firm F-Secure, said during a presentation at this year’s SXSW conference. “It’s obviously a deep concern, because you are looking at safety vulnerabilities that could be exposed.”
Self-driving trucks could be hijacked. And terrorists might even hack into trucks, launching an attack like last week’s assault in Nice, France, remotely driving into crowds or delivering explosives.
“That’s a very legitimate scenario,” said Brian Lagana, executive director of the Transportation Security Council for the American Trucking Associations.
Concerns about cybersecurity were largely downplayed until recently, said Lagana.
But that is beginning to change. The FBI and NHTSA jointly issued a warning to both the general public and motor vehicle manufacturers early this year, advising them “to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”
Previously, hackers would have required physical access to a vehicle, but both light and heavy-duty vehicles are offering a variety of digital avenues of attack, said David Cole, chairman-emeritus of the Center for Automotive Research, in Ann Arbor, Michigan.
These include onboard 4G LTE WiFi hotspots, mobile tracking technology, and even wireless tire pressure monitoring systems.
The hacking of the Jeep Cherokee forced Fiat Chrysler Automobiles to recall over 1.4 million vehicles using its Uconnect infotainment system.
Nissan, meanwhile, had to disable a smartphone app developed for its Leaf battery-electric vehicle because hackers could gain personal information and possibly control some vehicle functions, such as charging.
“Every time another piece of electronic equipment is added that provides another pathway for a hacker,” said ATA’s Lagana.
Automakers are looking for ways to get a step ahead of cybercriminals, in some cases turning to “white hat” hackers.
Fiat Chrysler Automobiles last week announced it was partnering with Bugcrowd, a San Francisco-based start-up that claims to crowdsource cybersecurity solutions by turning to a network of 32,000 hackers. FCA will offer a “bug bounty” of up to $1,500 to anyone who can identify a potential vehicle “vulnerability.”
This week’s cybersecurity conference will both explore the threat hackers pose and look at longer-term solutions that will help vehicles block threats as well as recognize and take corrective action in the event their software does get hacked.