By 2025, forecasts predict that there will be hundreds of millions of connected cars on the road. More and more computerized features are being integrated into connected vehicles to make driving easier, safer and more enjoyable.
However, innovation comes at a cost. Hackers are constantly on the lookout for ways to exploit new technologies in order to penetrate vehicle systems. Unfortunately, there are endless opportunities to exploit. Remote cyber attacks using off-board devices such as mobile phones and attacks that rely on physical access aim to put entire fleets at risk. As such, the automotive cyber threat landscape is growing increasingly complicated as the industry struggles to secure vehicle systems and keep safety and privacy a top priority.
The fundamental challenge is not new: cybersecurity threats have existed as long as people have used computers in sensitive applications, and wide-spread attacks on networks have been public knowledge for nearly 30 years. The industry already recognizes the threat. As GM’s head of product cybersecurity, Jeff Massimilla states, “Cyber is something customers are making purchasing decisions on…the customer’s notion of a particular company’s cybersecurity proficiency is likely to become like many other competitive metrics when it comes to winning a spot on a buyer’s consideration list.”
If an auto’s technology isn’t secure, hackers can steal data. They can track your GPS information, for example. Or they can do things much scarier. Hackers could remotely take command of your vehicle, forcing it to obey the hacker instead of you, a terrifying prospect. Hackers could use commands to remotely activate or deactivate features such as your A/C and windshield wipers, or control your steering, brakes or engine.
Thankfully, a major malicious cyber attack on a group of connected vehicles has yet to take place. But the potential danger was illustrated dramatically in 2015 when two white-hat hackers remotely took control of a Jeep Cherokee and cut its transmission on the highway as part of a research initiative. The well-publicized incident prompted Chrysler to recall 1.4 million vehicles.
This demonstration shows cybersecurity researchers remotely hacking a Jeep Cherokee on the highway. Watch it, and you’ll immediately understand why cybersecurity is such a concern.. Moreover, these vulnerabilities extend far beyond one single brand — they also affect BMW, Tesla, Volkswagen and many more. If you can drive it and it has Internet of Things (IoT) devices — which virtually all modern vehicles do — it can be hacked.
Hackers will typically take the path of least resistance. The automotive industry needs to create as many obstacles as possible to discourage hackers. In order to protect a car, we need to view cybersecurity in a holistic manner, from the fleet to the last component inside a car.