The technological sophistication of today’s vehicles makes them increasingly vulnerable to cyber security threats.
The software operating in today’s vehicles has about 100 million lines of code. Due to the advancing of software vehicle cyber threats have become more of a concern. “It would be easy to say the modern car is a computer on wheels, but it’s more like 30 or more computers on wheels,” Bruce Emaus, the chairman of SAE International’s embedded software standards committee, told the New York Times recently.
Although there have been relatively few cyber-related incidents so far, they have exposed some important vulnerabilities. Some examples include:
- In 2015, a team of researchers successfully hacked into a Jeep Cherokee’s infotainment system. They gained control of the vehicle’s engine, brakes, and other critical functions. They were able to do this through a vulnerability in the vehicle’s cellular connectivity system.
- In 2016, researchers were able to remotely access and control a Tesla Model S. They did so by exploiting a vulnerability in the vehicle’s software. They were able to unlock the doors, start the engine, and even apply the brakes while the car was in motion.
- In 2016, security researchers were able to take control of a Nissan Leaf’s climate control system. They did so by accessing it through the vehicle’s mobile app. They were able to turn on the vehicle’s air conditioning and heat, as well as drain the car’s battery.
- In 2013, a team of researchers were able to hack into a Toyota Prius and disable the vehicle’s brakes while it was traveling at high speeds. They were able to do this by exploiting a vulnerability in the vehicle’s wireless communication system.
- In 2018, researchers were able to hack into a BMW’s infotainment system and access the vehicle’s GPS data, microphone, and phone contacts. They were able to do this through a vulnerability in the vehicle’s ConnectedDrive system.
- More recently the press reported a prank in Russia where dozens of cabs converged on a single address in central Moscow, causing a major traffic jam. In addition, a 19-year-old security researcher blogged about how he took advantage of a bug to remotely hack into more than 25 Teslas — “By accident. And curiosity,” he noted.
The main vehicle cyber threats are:
- Cybersecurity threats: With the increasing use of electronic control units (ECUs) and internet connectivity, vehicles are becoming more vulnerable to hackers who can gain access to the vehicle’s systems and take control of critical functions such as brakes, acceleration, or steering.
- Software glitches: As vehicles become more reliant on software, there is an increased risk of bugs and glitches that could cause malfunctions. A software bug could, for example, cause the vehicle to suddenly accelerate or shut down while driving.
- GPS tracking: The GPS systems used in modern vehicles are vulnerable to hacking and tracking. Hackers could gain access to the GPS system and track the vehicle’s location or even to steal the car.
- Sensor malfunction: Modern cars are equipped with a wide range of sensors. They are used to monitor everything from the engine’s performance to the car’s position on the road. If a sensor malfunctions, it could cause the car’s systems to fail or provide incorrect information to the driver.
- Over-the-air updates: Some car manufacturers now offer over-the-air updates to their vehicles, which can introduce vulnerabilities if not properly secured. Hackers could potentially intercept these updates and use them to gain access to the car’s systems.
Research and Solutions
Fortunately, there are several organizations and initiatives working to reduce vehicle cyber threats and risk. They include:
- The National Institute of Standards and Technology (NIST), which has developed and promoted cybersecurity best practices guidance in the United States.
- The Automotive Information Sharing and Analysis Center (Auto-ISAC), an industrywide organization formed by automotive manufacturers to share and analyze cyber threats and vulnerabilities in vehicles.
- The Cybersecurity and Infrastructure Security Agency (CISA), which is a federal agency responsible for protecting the nation’s critical infrastructure from cyber threats. CISA collaborates with the automotive industry to provide guidance and best practices for securing connected vehicles and their supporting infrastructure.
- The Security and Privacy in Your Car (SPY Car) Act. This proposed legislation aims to establish cybersecurity standards for vehicles sold in the United States. It would require automakers to develop and maintain cybersecurity policies and implement measures to protect against hacking and unauthorized access.
- The Federal Automated Vehicles Policy: a set of guidelines issued by the National Highway Traffic Safety Administration (NHTSA) to promote the safe and secure development and deployment of autonomous vehicles.
Overall, modern vehicles are becoming more reliant on electronics and electric vehicles are becoming more common. This has made them more vulnerable to different types of threats. Highlighting the importance of robust cybersecurity measures to protect against these risks.
The automotive industry, regulators, and policymakers are increasingly recognizing the importance of cybersecurity in vehicles. They are taking steps to address this issue and increase security measures to prevent cyber attacks.
Our cyber liability insurance protects individuals and businesses from cyber criminals and attacks. Contact BPJ for a quote today.