Why should we continue to test and retest the security on the vehicle?
Despite testing and warnings of security issues, the security on current vehicles is still lacking. This can be extremely dangerous to drivers and their families who may be subjected to a cyber attack using a new method and technique that does not allow the manufacturer time to correct the issue. The potential loss of life or serious injury due to a cyber attack on a vehicle is a very real concern, yet hackers may be willing to risk the lives of others for the excitement and for 15 minutes of fame. The attacker(s) post their video on a social media site, do interviews, and secure a few free t-shirts.
The vehicles that manufacturers here and abroad produce have to be safe. Unless their systems are safe, they have the potential to be weaponized. If controlled or manipulated by hackers, the vehicle’s path could be altered to the driver’s, passengers, and community detriment. Since research has proven that vehicles can be hacked, our vehicles have to be made secure against such attacks. A consumer certainly does not want to be driving along and have the brakes or selected brake pad lock up forcing you into other lanes, the ignition turned off, or self steering activated.
Manufacturers have to ensure that their vehicles function appropriately, and without interference. Each vehicle has multiple networks, each communicating with each other and to receptors outside of the vehicle. If the systems are not working correctly, the driver, for example, may receive a false positive, e.g. the right front tire is fine however the sensor is reporting 5psi. This may create an issue.
The driver may want to know if someone had modified the vehicle without the driver’s consent and knowledge. This breach would be of a nature the driver would want to know of. The security function of the vehicle is to ensure its systems are still reliable and valid. A security function would need to be fully operating to ensure nothing had been modified without the manufacturer’s or owner’s consent.
Without the security being in full force and effect, anyone with the requisite knowledge and tools could modify the vehicle’s settings or codes in the car without physically touching it or even being proximate. Without the security being active, someone in Australia could successfully attack a vehicle in Ireland, turning the radio on and off, turn the heat up in the middle of summer, the headlights off at night, apply the brakes, accelerate the car, or take over the steering.
The individual driving the vehicle, passengers and others proximate to the vehicle need to be confident, secure in the knowledge that as the vehicle is hurtling down the expressway it is entirely safe. Accidents may occur due to mechanical failures or with items that wear out over time, but that should not be confused with deliberate acts of malicious individuals interfering with electrical or mechanical systems that could result in physical harm. The systems on our vehicles need to be safe and secure…which is what a strong cyber defense is all about. Learn more ways to protect your business at The National Cybersecurity Institute.
Charles Parker, II, has been coding since the mid-1980’s, and has been working in the finance, auto manufacturer, and health industries seeking secure solutions for issues for over 17 years. Charles has an MBA, MSA, JD, LLM, and is a doctoral candidate for a PhD in Information Assurance and Security.