A newly released report by Senator Ed Markey(D) of Massachusetts highlights the risk of wireless hacking into the control systems of new cars. New cars may contain as many as a hundred million lines of code. The newest and most advanced fighter, the F-35 Joint Strike Fighter, only has eight million lines of code and troubles with code development have reportedly delayed the functionality of the fighter’s gun system.
Emerging IoT presents major cybersecurity challenges
Senator Markey points to the lack of security in automobile systems as an area of increased concern. At least as far back as 2010, researchers published information on successful wireless attacks on automobile systems. Initial hacks focused on door lacks and remote start systems. As car manufacturers roll out increasingly automated systems for collision avoidance, off-board monitoring of internal systems, and vehicle-to-vehicle communications systems the potential number of entry points for hackers and malicious software increases. In 2013, two hackers demonstrated they could take control of steering and braking systems of popular Ford and Toyota cars. The vulnerability of cars depends on the system architecture and wireless connection points like Bluetooth and cellular connections points. Phones connected to cars offer another vector for insertion of malware.
Similar risks are involved with other web-enable consumer devices. Nest thermostats, IP enabled cameras, and even refrigerators have been hacked. Additionally, cars and home devices have the ability to accumulate large amounts of personal data. The issues of privacy rights to that data remain to be determined. The I Am the Calvary group has called for the auto industry to adopt security best practices on a voluntary basis. If industries building web enabled and high tech devices fail to voluntarily adopt better security practices, law and regulations may force them to take action.
For individuals it is important to understand what risks you are assuming by buying and using high-tech web enabled devices. As technology advances, the threats change. While a car is not normally considered a piece of critical infrastructure, if your car is hacked while you are driving, it is critical to you.