Imagine strolling into an auto dealer’s showroom and seeing cyber-security specifications listed alongside mileage estimates on the vehicle window stickers. “Absurd”, you say? Maybe not.
The same types of electric components that allow us to enjoy Bluetooth phones, satellite radio and GPS navigation systems are also integrated into a host of other features, including acceleration and stability controls. The proliferation of technology now has some scientists worried that hackers could use onboard infotainment technology to manipulate computers that control automotive safety features.
Insurance Institute for Highway Safety president Adrian Lund warns, “There clearly is a vulnerability. All these electronics we’re bringing into cars seem to exacerbate that.”
Lund participated in a National Academy of Sciences panel that reviewed the work of U.S. regulators in determining the cause of the highly publicized “unintended acceleration” incidents that plagued Toyota vehicles in 2010.
In a January 18 report, the panel stated that although safety and entertainment systems are intended to work independently of each other, “it is not evident that this separation has been adequately designed for cybersecurity concerns.” The panel also concurred with U.S. regulators in their assessment that the unintended acceleration incidents in question were the result of faulty electronics.
Although the threat of an individual hacking into the onboard computers in order to hijack the acceleration, steering or braking seems somewhat farfetched, automotive engineers are attempting to identify potential vulnerabilities while they are still hypothetical in nature in order to calm the fears of consumers who have become increasingly sensitive about privacy threats.
University of California-San Diego computer science professor Stefan Savage said that auto thieves could potentially exploit such vulnerabilities and remotely open and start vehicles. Hackers could also conceivably listen in on conversations taking place between passengers inside their vehicles.
Escrypt is a leading provider of embedded security that serves automotive clients. The company’s CEO, Andre Weimerskirch, said that any electrical automotive component or system, from brakes to radios, can potentially be hacked. Weimerskirch says, “”Once you have access through the infotainment system, the question is could a hacker get access to the safety-critical components.” He is urging his clients and federal regulators to take such threats seriously, and work to minimize them.
In an email statement, NHTSA spokeswoman Lynda Tran said the agency is addressing cybersecurity concerns. Tran said, “The agency recognizes there are potential vulnerabilities, especially those related to future connected vehicles, that need to be fully understood and addressed. NHTSA has been conducting exploratory research and is now planning further efforts that would evaluate the vulnerabilities and possible counter-measures on an industry-wide basis.”
Please click the following link for more automotive industry news.