Hacking Cars !

Computer technology came to car manufacturer and makes our life better. A central computer could play video, monitor activities in fuel system and so on. Then communication comes to place, when we could connect our mobile device to a car and then view SMS, play music and even answer calls. As we go forward, these technologies are getting smarter, for example HERE propose a way to have a better life with cars, by monitoring traffic, see which places are prone to damage your car, find place to park cars. I strongly recommend you visit demos in HERE website. Going forward are cars getting smarter, thanks to IoT. It is actually good thing, because soon we will have cars to drive us, our government would have a better data to create rules and monitor situation. So next time, when your car break down, you just need to press a button and it automatically log the problem and request for service to your location. So you don’t need to call a number, share several information, send your location and explain what happens. As we are moving our cars into internet, it promote new risks too. What if someone hacked into our cars and perform some malicious actions and intentionally break down our cars, even damage the breaking system and cause injury and even in worse case, cause dead. There are proof-of-concept about hacking cars out there and it is challenge for car manufacturers to keep their consumers safe on the internet-connected-cars. Why this problem started in first place, we could classify the cause of car-hacking in the following categories:

Lack of expertise: Just if someone could connect to internet and write a bit of python codes, doesn’t make him or her, expert in field of cybersecurity. The problem raised, when people from other backgrounds like mechanical engineering, physics, electronics, design a system which required expertise in software engineering and computer security. Building a safe car which safe passengers against accident is not same as building a car to protect them against hackers.

Requirement Changed but Design Method Doesn’t: When they design cars, they care about safety of cars and protecting passengers against accident, they calculate possibilities to protect passengers against failure of break system. But when they connect cars to other devices and even internet, they just perform a basic security test and create a system which could just work. There is no regular update or emergency response to cyber-threats in internet-connected-cars yet.

Lack of Threat Modeling: They will investigate and create a system which is safe by design, but no model has been proposed to simulate attack scenario to cars. The closer model, would be Microsoft Threat Modeling, but they are not even use it.

To overcome these problems and build a safe internet-connected-cars, car makers, should hire people with expertise in cybersecurity and work with car manufacturer’s designers. They should create a new test cases to evaluate safety of the car from physical security and cybersecurity perspective. Special team should be there to continually evaluate and response to threat, targeting cars which are connected to internet. In new design, risks related to cyberattacks, must be identified and prioritize and method to mitigate and defend them, should be defined. New model should be created to define attacks and propose defense and also create a cycle to identify new threats and combat them regularly. Updates also should be patch to cars without harming the user experience. Update also could be installed during regular PC maintenance.

As conclusion, internet-connected-cars are new opportunity and if they design well, they could even prevent death and accident. Just imagine, in your city, if majority of cars are internet connected, when you are too close to other car, it will automatically detect and press the break. But, if risks of cyberattacks targeting these cars, wouldn’t be identify and mitigate properly, it would create greater risk. Therefore, we need to identify them and prepare ways to protect ourselves against them.



Comments are closed.

%d bloggers like this: