Tech leaves cars vulnerable

A Kiwi cyber-security company has warned that technology in today’s cars is so hackable that drivers are at physical risk of their vehicles being intentionally crashed, reports Stuff.co.nz.

Vladimir Wolstencroft, security consultant at Aura Information Security, says there are between 20 and 70 microprocessors in a modern car system, and each has its own specialised function and varying degrees of communication with other components.

“So in reality these vehicles can be treated as complex computer networks as opposed to a single entity - and as most of us in the cyber security field know, complex computer networks are very hard to defend.” “The reality is we all need to be aware of the danger the cyber-physical world can bring, especially through the introduction of connected systems to our everyday lives," Wolstencroft adds. He says that the development of connected car systems is based on “early 2000s thinking” in terms of security. “So what happens when we introduce these concepts to an industry that should have safety regulations? Particularly when a security breach can have a serious impact - for example crashing a car?” He says there are three major issues that carmakers and testing authorities face when it comes to technology and its influence in the auto industry. These include the inability to test for malicious third-party acts, such as hackers, a lack of understanding of what happens when critical and non-critical systems are connected, and a lack of consumer knowledge and visibility when it comes to cyber threats. Wolstencroft says connected cars are built using technology which is well understood by hackers, is difficult to secure and allows remote access. The technology includes cars equipped with Bluetooth, keyless locks that use radio frequency, GPS and phone sync systems. Modern cars have begun connecting their entertainment systems, telematics and GPS to critical control functionality, he adds, which can expose a vehicle to remote attacks. If the telematics and Bluetooth are on the same network as the brakes, steering and the engine, the compromise of any one system can lead to the compromise of the safety of the vehicle. “This is where our first point comes in regarding the inability to test for malicious third party hackers. Vehicles are designed five years or more in advance of them actually being available to consumers. This means they often feature old technology that is vulnerable to attack.” Wolstencroft says testing not only has to take place for the obvious and known, but also for the unpredictable and unknown. “These technologies no doubt make our lives easier, safer (in certain respects) and in general better. But they do introduce new risk into our lives which we must acknowledge for the short term if we want to really change the prospect of securing the cyber-physical world.”