Car Hacking, The Future Vehicle Maintenance Problem You Should Know About

January 22, 2020

Connected cars brought about a new set of cybersecurity challenges that could raise havoc for everyone on the road.

Most people have heard the term Internet of Things (IoT). The term represents the concept that more than just computer will be connected via the internet.

The emergence of IoT can already be found in things such as in-home security systems, smart appliances and watches. While providing convenience, IoT harbors a great deal of potential pitfalls that must be addressed.

Recently, instances of home security cameras being hacked have flooded the news. Hackers have infiltrated systems, then using access to record or harass people in their homes. The potential dangers become evident.

Vehicles Run on Computer Code—Not Just Gas

The vehicle as we know it, began transforming from a collection of mechanical systems into a mobile computer network in the mid-1980's.

The modern vehicle operates using a collection of small computers—known as electronic control units (ECUs)—numbering around 150. That's 150 micro-computers, all part of the internet, that drivers must trust to get from point A to point B.

Like all computers, vehicle ECUs require coding to perform their respective functions. It doesn't take long to imagine the complexity of all the code required to operate a vehicle.

Currently vehicles contain 100 million lines of code, with the number increasing to 300 million lines of code by the year 2030.

Compare that to some of the most sophisticated vehicles that exist now.

Passenger Airliner	  15 M lines of code
Military Jet Fighter	25 M lines of code
Microsoft Windows	    40 M lines of code
FaceBook		          60 M lines of code

Car-Hacking, The Next Frontier of Cybersecurity

Computer code instructs your car how to function, from opening and closing doors to informing drivers of fuel level. Change the code, and the vehicle will perform differently.

Car-Hacking is when that code gets changed unintentionally by an outside actor. Prior to the connected-vehicle, the car-hacker would need direct access to the vehicle to alter code. Now with vehicles connected to the vast network that is the internet, access to the 150 computers that make up a vehicle's systems, that code can potentially be changed remotely.

Car-hacking has arrived. In actuality, it arrived in 2010 when the first recorded incident of car-hacking was recognized. The first remote hacking of a vehicle occurred In 2014.

The first vehicle recall due to car-hacking happened in 2015.

Car-Hacking, How Can It Be Stopped?

The reality of car-hacking, or any hacking for that matter is it can't be stopped. Car-hacking requires very little effort and resources to accomplish, adding to the inherent risk.

Avoiding car-hacking will require improvement in two critical areas; prevention and intrusion detection.

Prevention will require a combined effort from automakers and OEMs. Many of a vehicle's systems and parts are manufactured by completely different vendors. For example, while Ford assembles the vehicle, Garmin could be responsible for making the radio.

That radio will need to communicate with the vehicles other ECUs. Will the protocol used by the radio be as secure as the one required to control the vehicle's safety systems? Currently, the answer would be we don't know. No standards exist among the various manufacturers in terms of cybersecurity.

With the introduction of over-the-air (OTA) updates, a new level of risk has been introduced. While in the past, a car-hacker needed a physical connection to the vehicle, internet connected vehicles allow car-hackers more options and points of attack.

Connected phones could be a major source of weakness, especially since most phones are designed without in-depth consideration of the potential connected vehicle. Combine user existing vulnerability via smartphones and use of apps, and car-hacking seems almost unavoidable and difficult to detect until it's too late.

That's why car-hacking experts want to see a detection layer added to existing systems. It will be critical to know when a latent car-hacking attack has been implemented.