Skip to Content
Help wanted sign
In The News

Cybersecurity in cars: Are we at risk?

July 30, 2015 / 3 min read

Today’s connected cars provide innovative technologies to interact between drivers, their devices, and their cars. While these new technologies provide convenient opportunities for car companies and their customers, they also expose them to cybersecurity breaches.

In a 2013 study, two researchers demonstrated their ability to connect to two cars using a laptop and cable. In a controlled setting, they demonstrated their ability to access the car’s engine control units and cause cars to suddenly accelerate, turn, brake, beep the horn, control headlights, and modify speedometer and gas gauge readings. Following this research, a Defense Advanced Research Projects Agency (DARPA) study noted concerns related to a vehicle’s controller area network (CAN) bus, which allows microcontrollers and components in cars to communicate without using a host computer. Specifically, DARPA noted that the CAN bus was accessible via Bluetooth, malware on a synced Android smartphone, and a malicious CD file.

Scary right? There’s more. Hackers can access your car’s communications systems and cause a variety of damage through interfaces including:

In addition to the above attack surfaces, cybersecurity experts are more concerned with telematics systems found in most cars. They’re great technologies, but they can allow hackers to connect to your car from miles away. Luckily, there have been no known incidents—yet. The only known vulnerability was discovered via a test where German researchers sent fake messages to a SIM card in a BMW’s telematics system and were able to lock and unlock car doors. This vulnerability was updated with a security patch.

In February 2015, Senator Ed Markey released a report: Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk. The report incorporated input from major OEMs, including Detroit’s Chrysler, Ford, and GM. In the report, one of the OEMs identified a third-party application on Android devices that could integrate with cars via Bluetooth. The OEM had the app removed from the Google Play Store. Another report disclosed that individuals have attempted to reprogram onboard computers to increase engine performance.

Over the last 18 months, OEMs have dedicated cybersecurity expert teams to investigate potential issues and mitigate them. OEMs have also formed a consortium to share cybersecurity information to protect the industry called Auto-ISAC (Information Sharing Advisory Center). There are a number of solutions to the above security issues and some of them are already in use in 2014 and 2015 models. They include:

This may be alarming, but the good news is that many of the issues raised have come from researchers, security experts, and OEMs—not from hacking incidents. It’s great to see the industry working to get ahead of hackers. Let’s hope it stays that way.

This content originally appeared at crainsdetroit.com and is part of a special blog series on cybersecurity.

Related Thinking

Business professionals in a conference room discussing FFIEC CAT sunset
December 16, 2024

FFIEC CAT sunset: Considerations for choosing a new cybersecurity framework

Article 6 min read
Business professional checking the multifactor authentication code on their cell phone.
November 1, 2024

Preparing for the inevitable: Navigating third-party tech failures

Article 7 min read
Parent sitting on the floor with their child and learning about how school districts can proactively manage cyber risk to protect student data.
October 30, 2024

Cybersecurity essentials for K-12 schools: Protecting students and data

Article 6 min read