Vehicles have been a rite of passage for many Americans.
What hasn’t been a traditional rite of passage, however, is having to protect your child’s vehicle from a life threatening cyber attack.
Is cyber hacking a vehicle truly a modern day danger that we all must be concerned over? Yes. This issue has been taken to a much more dangerous level, as an article in Wired Magazine recently points out.
Vehicles are a rite of passage for many Americans. Very few forget the feeling they experienced the first time they sat behind the wheel of their first car, truck, etc. Also, very few parents forget the feeling they had as their child drove off for the first time without anyone else in the car with them. Did they remember their seat belt? Are they going to pay attention? Will the car protect them in an accident? These are just a few questions that go through a parent’s mind as they see the car round a corner and out of sight.
However, most people do not think of the more modern day concerns and potential issues that may be present, such as the susceptibility of vehicles to cyber-attack, even from hundreds or thousands of miles away. While functionality to control various car subsystems remotely has been around for several years, such as with Chevy’s OnStar equipped vehicles, the original consensus was that no one else had access to the system. This has been proven untrue as a 2010 article in PCWorld illustrates, the ability to immobilize a car this way has been out there for years. And just recently, this issue has been taken to a much more dangerous level, as an article in Wired Magazine from July 21st of this year points out.
As every computer owner is aware, digital viruses plague the overall computer industry even to this day. Most computer users currently understand the necessity of having anti-virus software and not inserting USBs, CDs, etc. into their systems without knowing where it came from. However, as a 2012 paper by Hiro Onishi maintains, portable devices, including cell phones and music players, present a real concern for automotive computer systems. This includes the susceptibility of those devices to cyber-attack given the lack of true cyber security and assurance in the development of the software.
The overall security industry has been slow to respond to this growing threat. Just a cursory search on Google for “current requirements vehicle computer security” brings up only a single company, Argus, which specializes in Automotive Cyber Security. This search does provide multiple links on the issues in general, and suggestive steps to combat the threat, but there is no standard, agency, or requirement that the steps be implemented. The absence of these items could impact lives if, for example, someone managed to lock up the brakes while a car is moving on the highway.
Going forward there should be, at a minimum, mandatory requirements for each vehicle that uses a connected interface:
- Anti-virus installed on each vehicle
- Required documentation/review of how to maintain this provided to each customer
- Built-in ability to keep the anti-virus files updated
While not sufficient as a long term solution, these items are a good start toward addressing the growing exposure of cyber-attacks on vehicles. In the future, many cyber security industry experts believe there should be some type of regulation or certification process that computerized vehicles must pass before they can be sold to consumers. The threat of cyber-attacks will continue to grow and simply providing a username/password is no longer a solid prevention method to cyber security. This is never more evident in newer vehicles that include built-in Wi-Fi capabilities, such as those being implemented in Onstar enabled vehicles. Without some type of prevention mechanism in place, the likelihood of impact to human life will increase substantially over time.