Connected Cars and Car Hacking: What Are the Risks, and How Are We Being Protected?

Technology has worked in dramatic ways to transform and reshape our lives by bringing us closer together. This heightened emphasis on connection has had a huge impact on the automotive world, and it has resulted in innovations that have changed the way we interact with our cars. Developments within this realm have given rise to the advent of the connected car. But while the connected car offers great benefits, it also opens the door to risks—risks that are currently being mitigated by manufacturer and government action. 

The Benefits of Connected Cars 

Connected cars are vehicles offering ready access to the internet, and this access allows cars to easily link with a host of similarly connected devices. These include tablets, smartphones, tracking equipment, traffic lights, home appliances and other vehicles sharing space on the roads. In-vehicle connectivity impacts the automotive experience in many positive areas, including safety benefits, convenience in communicating with work and home, maintenance reminders and real-time navigation.  

Perhaps the biggest advancement in connected cars is the prospect of autonomous vehicles on the roads. While prototypes such as Google’s Self-Driving Car have made headlines, vehicles featuring technology allowing them to operate with complete autonomy aren’t yet an everyday reality on our streets. However, this technology is already being used by industrial fleets in controlled environments in industries such as mining and farming.  

Increased Access Means Increased Risk 

While it’s clear that in-vehicle connectivity has a wide reach, this increased access to data and information brings increased risk. This technology makes your car a connected computer, and connected computers can be hacked. It’s possible for wrongdoers to use this technology to access private information, and they may even use it to hijack some of your car’s functionality. 

The range of vehicle functions that may be hacked is stupefying. Hackers can toy with your car’s seat belts, commandeer its air conditioning, change stations on its radio and turn on its windshield wipers. They can achieve tasks that have the potential to be quite dangerous: They can disable your car’s brakes and transmission.  

This was all illustrated in chilling detail in a couple of Wired magazine articles sharing the experiences of a writer who agreed to have his vehicle’s functions hijacked by a pair of white-hat hackers. Their intention was to show just how vulnerable connected cars can be.  

What’s Being Done

Both car manufacturers and lawmakers are taking steps to protect drivers from the dangers of car hacking.  

Bug Bounties: If manufacturers want to get a handle on vulnerabilities, the course of action they need to take is clear. They need to get hackers on their team, working with them instead of against them to shine a light on software weaknesses.  

Manufacturers are taking the initiative by offering bounties to hackers who step forward and notify them regarding hackable flaws in their models. Tesla has been a pioneer in this initiative. Via a program on Bugcrowd—a site dedicated to facilitating crowdsourced cybersecurity—the manufacturer pays bounties of between $100 and $10,000 to hackers who reveal weaknesses in the manufacturer’s software. According to information shared by Bugcrowd, Tesla has already paid more than 150 bounties.  

In July of this year, Fiat Chrysler Automobiles became the first mass-market carmaker to offer bounties to hackers who disclose software weaknesses. The automaker pays bounties of up to $1,500 to hackers who share information that can be used to beef up the security of their vehicles’ software systems. To date, the manufacturer has paid more than 40 bounties.   

The bounty program also serves as a tool manufacturers can use to identify skilled talent. Hackers who reveal vulnerabilities may be invited by carmakers to assist with cybersecurity operations. 

Industry-Wide Pooling of Cybersecurity Data: The automotive industry is competitive, and in the past, manufacturers have gone to great lengths to keep their research a secret from competitors. This has begun to change, and car hacking has led carmakers to see the wisdom in pooling their resources to thwart the efforts of their shared threat.  

Groundwork is being laid that facilitates the swapping of information within the industry. The Alliance of Automobile Manufacturers is a major industry group, and last year, it revealed it had launched a hub for carmakers to trade intelligence regarding cyber threats. 

The U.S Department of Transportation (DOT) is also getting involved. The organization is hoping it can get the automotive industry to take the kind of proactive safety steps that are in place within the aviation industry. An initiative was announced by the DOT at Detroit’s North American International Auto Show earlier this year that calls for carmakers to work with the government to institute best practices that will protect cars from cyber intruders. The industry’s most significant carmakers have already signed it. This initiative will also work to develop ways to improve collaboration with those involved in broader cybersecurity research.  

In addition, the Automotive Information Sharing and Analysis Center (Auto-ISAC) recently released its first set of cybersecurity best practices. These best practices outline guidelines for automotive engineers to keep in mind: risk assessment and management, security, threat detection and incident response, among other key factors. 

Legislation: Senators Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) have taken a leadership role in the fight to create legislation that discourages car hacking. In July of last year, they introduced a bill calling for the Federal Trade Commission and the National Highway Traffic Safety Administration to initiate measures safeguarding the privacy of drivers and defending against the rising threat posed by car hacking.  

This bill calls for the development of anti-hacking software, and it seeks to create industry-wide standards to test and evaluate each carmaker’s cybersecurity protections. The bill also encourages greater transparency by calling for the development of a window sticker letting consumers know the extent of each vehicle’s cybersecurity safeguards. This would allow car shoppers to factor in a vehicle’s cybersecurity capabilities when making buying decisions.  

A More Secure Future 

We may not be too far from a day when car shoppers are able to access information regarding a vehicle’s cybersecurity capability as easily as they can access information regarding its fuel efficiency.  

When this happens, car buyers will have the information they need to speak with their wallets and pocketbooks when it comes to cybersecurity.
 

Warren Clarke is a consumer advice writer for CARFAX who writes about connected cars. He prides himself on offering helpful advice regarding car buying and car ownership, including keeping an eye on your car’s maintenance history.

Not an NMA Member yet?

Join today and get these great benefits!

Leave a Comment