Daily BulletinDaily Bulletin

The Conversation

  • Written by The Conversation
imageWhen your car becomes a computer, you're problems just got much bigger.car by Denys Prykhodov/shutterstock.com

While computers bring great benefits they come with drawbacks too – not least, as news stories reveal every day, the insecurity of often very private data connected to the public internet. Only now that computers are appearing in practically everything, the same insecurity also applies – as demonstrated by the drive-by hack of a speeding Jeep SUV, hijacked and shut down by security researchers as it sped past at 70mph.

Vehicles are growing ever more sophisticated, with technological additions to newer models designed to increase safety, comfort and convenience while providing entertainment features and improving the car’s environmental impact. These innovations are more than just marketing ploys for manufacturers to sell their vehicles as cutting edge, they also help save money on materials and to comply with increasingly stringent safety and environmental laws.

Consider the benefits of a fully-connected vehicle: computers are never distracted, never get tired. They may be able to learn from driver behaviour and, using technologies such as active lane assist, can even correct human errors of judgement to a certain degree. Human productivity can be boosted, allowing for example a hands-free phone call while behind the wheel. Concepts such as platooning – where cars follow each other closely in a train – could help reduce congestion while allowing speedier commutes and greater fuel economy.

However this drive-by vehicle hack (on which there will be a presentation at Black Hat conference later this year) and others, such as the method of compromising brake systems using DAB radio signals, demonstrates the dangers of considerably networked, computerised vehicles designed without adequate protections.

More software, more problems

Precise details about how the Jeep was hacked, other than that the public IP address must be known, and that the attack relies on the uConnect mobile phone network, are yet to be revealed. While this gives the manufacturer time to provide a patch to fix the problem in this case, the vulnerabilities of mobile phone and internet network connections have been researched for years and are well-known and well-understood. If anything, this vehicle hack shouldn’t come as any great surprise; more surprising is the lack of care paid to securing these well-known angles of attack in the first place.

Exploiting software flaws remotely through an internet connection – the most likely culprit – is made possible because we prize internet and phone connectivity sufficiently that manufacturers will fit it to our vehicles. This allows access to any piece of exposed hardware that is not “air-gapped”, in other words physically separate and unconnected from the rest of the system. An attacker can pivot through the system, using one compromised component in order to compromise another, until the keys to the kingdom are acquired – in this case the critical control units capable of shutting down the engine.

imageKeys no longer required.

Introducing these wireless network interfaces to vehicles presents the greatest danger: the ability to control cars, or even many cars en masse, from any distance. This possibility has caused such alarm there are plans in the US (where this attack was demonstrated) to introduce new legislation to tackle the issue.

Complexity creates vulnerability

That’s not to say that network connectivity is the only issue. The presence of considerably more software in modern cars alone is a significant contributing factor to security problems. It has been estimated there is a software engineering industry average of 15-50 errors per 1,000 lines of code. The same can be said for integrating so many different systems, features and technologies – added complexity makes security testing much more difficult. These challenges, when vehicles migrate from being connected to being fully autonomous, could potentially have even broader security ramifications.

With any feature that makes something more safe, convenient or entertaining, there is potentially an equal amount of convenience for an attacker if sufficient defences haven’t been put in place. The documented incidents of vehicles stolen by hacking keyless entry systems were down to technology designed to make unlocking a car more convenient for customers. Alas, the convenience works both ways.

Achieving safety and security has always been – and will continue to be – a balancing act. The National Highway Traffic Safety Administration (NHTSA) in the US states that in 94% of cases the last failure leading to a crash can be attributed to the driver. In the face of such evidence, despite the security vulnerabilities that may emerge as they are deployed and used, it would be counter-intuitive to ignore technology that could potentially save lives.

What is required to prevent these emerging problems from becoming overwhelming is an engineering process that embeds security in automotive design from the outset, implemented using secure coding practices as is found in other safety-critical areas such as nuclear reactor management or air traffic control, and reinforced with robust security testing procedures.

Only then will we see the world’s car manufacturers move from the back foot to the front foot in the face of an internet-full of would-be cyber-carjackers.

Madeline Cheah is a PhD student at Coventry University. She is affiliated with HORIBA MIRA Ltd.

Authors: The Conversation

Read more http://theconversation.com/online-carjacking-do-auto-manufacturers-realise-dangers-of-networked-motors-45079

Our helicopter rescue may seem a lot of effort for a plain little bird, but it was worth it

arrow_forward

I'm searching firegrounds for surviving Kangaroo Island Micro-trapdoor spiders. 6 months on, I'm yet to find any

arrow_forward

Double trouble: this plucky little fish survived Black Summer, but there's worse to come

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Scott Morrison Interview with Ray Hadley, 2GB

RAY HADLEY: Prime Minister, Scott Morrison, supposed to be on holidays. He's not. He's online. Prime Minister, good morning.    PRIME MINISTER: G’day Ray. Certainly staying very close to every...

Scott Morrison - avatar Scott Morrison

Scott Morrison Covid 19 update

PRIME MINISTER: Good afternoon, everyone. Today I’m joined by Professor Paul Murphy - sorry, Professor Paul Kelly. I’ve got Brendan Murphy still on the brain. You are not far from us, Brendan. B...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Ben Fordham, 2GB

FORDHAM: Thank you very much for talking to us. I know it's a difficult day for all of those Qantas workers. Look, they want to know in the short term, are you going to extend JobKeeper?   PRI...

Scott Morrison - avatar Scott Morrison

Business News

Fifth Dimension: Identified as one of the world’s leading strategic consultancies

Sydney based consulting company, Fifth Dimension, has been recognised for its ground breaking work, receiving a place in the GreenBook Research Industry Trends (GRIT) Top 25 Strategic Consultancie...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

Understanding Your NextGen EHR System and Features

NextGen EHR (Electronic Health Records) systems can be rather confusing. However, they can offer the most powerful features and provide some of the most powerful solutions for your business’s EHR ne...

Rebecca Stuart - avatar Rebecca Stuart

SEO In A Time of COVID-19: A Life-Saver

The coronavirus pandemic has brought about a lot of uncertainty for everyone across the world. It has had one of the most devastating impacts on the day-to-day lives of many including business o...

a Guest Writer - avatar a Guest Writer



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion