Your Next Car Could Get Hacked

The average car on sale today has over 100 microprocessors. We are speeding
down highways in essentially glorified supercomputers that happen to have a
purposeful fire under the hood. In general, anything that is connected to a network is hackable, and the cars that we drive are increasingly becoming more and more connected. That makes sense, everyone wants the big screen and newest features. Unfortunately, that spells danger for the average consumer.

For context... Tesla leads the U.S. automakers in China due to their software prowess. Automakers have realized that markets abroad, as well as domestic, prefer complex infotainment systems. Many companies are working on autonomous vehicles, and the total automotive revenue pool could grow by another $1.5 trillion by 2030, up 30% from today according to McKinsey.  

The issue with a connected vehicle is that it exposes the “attack surface” of a
car, enabling backdoors to be exploited. Let’s take an example. Say you have a new car, and it has Bluetooth, Wi-Fi, over-the-air updates, and more. Some cars can also control their headlights as you turn... so that means the headlight has to communicate via a wire or port to the car’s main computer systems. Information goes both ways... so imagine if you took out the headlight and plugged a laptop in that contained a malicious software? Sounds crazy, but it's been done.

CEO of GRIMM (a cyber research firm), Jennifer Tisdale spoke with Auto Digest and shed some light on the topic. She stated that, "The hardest challenge in the industry currently is building trust with clients after basically hiring hackers. Not all companies are okay with people having access to intellectual property. Automotive cybersecurity is still new, and it varies so much from model to model and even package to package. Another risk is that suppliers produce parts that are used in many different models, and if someone knows a vulnerability in that part... they're in."

The main challenge with developing security for cars is that every vehicle is
different, and the systems that are put in place must function for around 15
years. Over the air updates and repair of computer software must be
possible by mechanics, yet safe enough so that not just anyone can gain access to your car’s systems. If that were to happen, imagine the power a criminal would have if they could control brake force and engine speed?

All of the vehicles today connect to other cars, our phones, and infrastructure.
According to Aptiv, in the blink of an eye, the average vehicle on the road today will communicate over 100,000 pieces of data.

"As the car evolves into the center of an IoT environment we (collectively) will need to address cybersecurity concerns in how communications between vehicles (V2X), communication between vehicle and infrastructure (V2I), and vehicle interaction to the world around it or everything (V2X). We must also weigh what is possible against what is probable which is also a dynamic conversation in that what is true today, may not be true tomorrow. " - CEO of GRIMM, Jennifer Tisdale

Another concern for suppliers and manufacturers alike is that along with the change in the future of transportation mobility, so too are the skills needed for the future workforce and it is an all-hands-on-deck situation. Until such time academia is able to catch up it will be a kind of self-driven market. No schools currently offer specific training on automotive cybersecurity.

The rapid industry shift towards EV's, autonomous vehicles, and connected cars presents many risks for the average consumer if not done correctly and with cybersecurity in mind. Keep an eye on the headlines, because it's only a matter of time before stories begin to surface of vehicles being hacked at scale.

Subscribe to our newsletter for more auto industry analysis and stories. We will keep you in the loop.