When in the market for a car, you probably want the most advanced model your budget will allow. That may mean the automobile can assist you with steering into a parking space, stop on its own to avoid a collision, or even reach destinations without any guidance.
These advancements are undoubtedly fascinating. However, they also highlight the growing need for enhanced automotive cybersecurity. When licensed drivers operate cars, they bear a responsibility to use their vehicles safely for their benefit and everyone else nearby. However, what if a hacker took over their car? Researchers have repeatedly proved that’s not a far-fetched idea.
Connected Cars Are Commonplace
The first reality that highlights the need for better cybersecurity in cars is that so many vehicles have connected features.
A recent report from ABI Research featured fascinating statistics for context. It revealed that there would be 30 million new connected cars on the road in 2020, including 91% of the automobiles sold in the United States that year.
That’s particularly eye-opening considering that the market analysis company viewed 2020 as a “flat year” for the sector when compiling their report. They expect a total of 115 million connected car shipments globally by 2025.
Another important thing to remember is that even older vehicles typically have connected features.
A 2016 study from University of Birmingham researchers identified a flaw in the keyless entry systems on Volkswagen Group vehicles dating back to 1995. The team specified that thieves could use an inexpensive piece of radio hardware to intercept the key fob’s signals, then use them to clone the gadget and steal the vehicle.
This issue could reportedly affect millions of vehicles. It also highlights a related problem. If automakers use the same underlying systems for many years without upgrading the security, it’s only a matter of time before cybercriminals figure out how to exploit those vehicles.
Hacks Could Happen
Unfortunately, car hacking is not a theoretical topic dreamed up by people who create sensationalist headlines. It’s a genuine threat that’s progressively raising concerns within and outside the automobile sector.
A 2019 report from a nonprofit warned that vulnerabilities in the top 10 car models of 2020 could result in approximately 3,000 deaths if hackers decided to simultaneously tamper with them during rush hour. The coverage clarified that the infotainment system tech in these vehicles links to the cars’ controller area networks. That approach dates back to the 1980s and means the infotainment system connects to safety-critical components, like the engine and brakes.
Research conducted elsewhere also examined 367 publicly reported automotive cybersecurity incidents occurring over 10 years. The data indicated a 605% increase in such events since 2016 and confirmed that they doubled in 2019.
Moreover, of the 2019 attacks, 82% occurred remotely. The report’s authors warned that cybercriminals could carry them out from anywhere in the world.
Balancing the Risk and Reward
Cars and their components have always had risks and benefits associated with them. For example, substantial research shows that seat belts save lives. However, they also cause harm in rare cases. That principle applies to cybersecurity in cars, too.
For example, most drivers appreciate infotainment systems and will use them for years without any incidents. They’re also becoming more high-tech, offering users better ways to achieve maximum functionality without distractions. However, more innovations could bring an increased risk of cyberthreats.
An automobile’s panels and touchpoints typically feature specialized coverings. They give people haptic feedback and bring durability to the underlying structure. A lightly textured surface could make it more identifiable, letting a person find nearby buttons without taking their eyes from the road.
Recent advancements in surface-haptic technology also enable engineers and designers to make touchscreen panels that stretch across the car’s entire cabin. Drivers get tactile feedback when they press or swipe the surfaces.
Beyond the materials covering a car’s interior and the feedback people use while making adjustments to the surroundings, you can expect the typical infotainment system to get more feature-filled.
Take Mercedes-Benz’s MBUX Hyperscreen, which debuted at CES 2021. The brand’s chief technology officer called it the “brain of the car” and said the advanced system connects to and communicates with all aspects of the vehicle. It allows users to set up profiles, get personalized suggestions, and more.
However, as mentioned earlier, the infotainment system has posed a longstanding cybersecurity risk since it links to components that are critical for safe operation of the automobile. And hacking the infotainment system is easier than you may think.
Cybersecurity researchers have already successfully infected an infotainment system with malware. They said doing it could be as easy as plugging a USB drive into the car.
Better Cybersecurity Is Essential
Cybersecurity for connected technology should ideally begin in the earliest stages of developing a product. IT teams can release software patches to address known flaws, but it’s better to be mindful of cybersecurity from the start. People can then build products that are hard to hack and feature the latest upgrades to keep them secure and reduce risk.
Considering cybersecurity during the early stages of product development is becoming more commonplace for some merchandise, but not typically for connected cars. However, that could change soon, especially with the upcoming requirements surrounding automotive cybersecurity.
By 2024, all new vehicles produced in the European Union must follow regulations created by the United Nations Economic Commission for Europe (UNECE). They encompass areas such as security by design, secure software updates, and responding to cybersecurity incidents. Japanese and Korean automakers also agreed to abide by these rules, but they don’t apply in North America.
Moreover, the International Organization for Standardization (ISO) is preparing a framework that will assist auto manufacturers in assessing cybersecurity risks and making cars more secure at all stages of the development lifecycle.
These are steps in the right direction, but there’s still a long way to go. More progress will happen when all of the world’s top automakers take cybersecurity seriously and do not treat it as an afterthought.
Automotive Cybersecurity as a Competitive Advantage
When many people shop for cars today, they look for statistics about how the vehicles they’re considering performed in crash tests, how eco-friendly the models are, and whether the options are reliable. Those things are undoubtedly important.
Soon, though, people may start paying more attention to cybersecurity measures. You might see a logo in the owner’s manual or advertising materials to indicate the car met a minimum cybersecurity standard and receives wireless updates as needed.
Poor cybersecurity in cars is not a problem that keeps most people up at night. However, these examples show that it’s past time to make meaningful improvements that keep cars innovative without putting people at risk for catastrophes. Once automakers do that, their actions will make them more competitive in a crowded marketplace full of picky buyers.
