The Mechanic Doctor

Resources for Amateur and Pro Auto Mechanics

The Mechanic Doctor
Blog 

Modern Cars with Advanced Tech Features and Cybersecurity

The Mechanic Doctor

What You Need to Know to Stay Safe

When you compare the technology in vehicles today with what was in the Model T, you’ll see that we have progressed light years ahead of where we started. Today’s modern vehicles are equipped to do everything from providing you with an onboard video and GPS system, tell you when you need maintenance, automatically brake when you’re too close to other vehicles, and sometimes even take over the entire task of driving. However, with these advances, there are also security concerns.

Imagine driving a vehicle and all of a sudden it starts driving itself. Or, the vehicle starts accelerating and you cannot brake. Or, someone steals your identity based off of the information stored in your car. These are not scenarios of some futuristic sci-fi movies. They are real-world examples of cybersecurity threats that have been identified and are completely possible with connected cars. The National Highway Traffic Safety Administration has recalled more than 1.4 million vehicles due to cybersecurity risks.

While vehicle manufacturers and app developers love to tout their latest advances, to stay safe, security must evolve as vehicles become more connected. Here is what you need to know about cybersecurity in vehicles today and how you can stay safe.

What Is Vehicle Cybersecurity?

Cybersecurity deals with the vulnerabilities that develop as we become more dependent on information systems and connectivity. Cybersecurity helps to protect these systems and the information they contain.

Vehicle cybersecurity deals with protecting vehicles from harmful attacks, theft, unauthorized access, and other threats.

In the excitement of adding new innovations to vehicles, some manufacturers and regulatory agencies have gotten behind on ensuring proper vehicle cybersecurity systems are in place to protect against harmful threats. This is why it is important for consumers to understand potential security vulnerabilities so that they can take the necessary steps to protect themselves until regulations catch up.

Current Research on Cybersecurity in Cars

Cybersecurity in vehicles is a relatively new phenomenon, so current research is exploring topics such as:

  •  Anomaly-based intrusion detection systems, objective test methods, and how effective they are
  • Cybersecurity of firmware updates, including physical and over-the-air transmissions
  •  Cybersecurity solutions for heavy vehicles
  •  Vehicle-to-vehicle communication interfaces and verification methods
  • Cybersecurity risks of today’s vehicles and principles and guidance that could improve cybersecurity in the future

What Makes Cars Hackable?

Smart cars are particularly vulnerable to hacks because they are so connected. Each point of connectivity represents a potential security vulnerability, including cellular and Bluetooth connectivity. Being connected to the Internet means that the vehicle can potentially be hacked.

Today’s average car contains more than 150 million lines of computer cord, according to a KPMG report. This is more code than some airplanes.

Hackers exploit vulnerabilities, including in the car entertainment system and the electronic control unit (ECU).

Many countries do not have regulations in place that require the evaluation of cybersecurity risks, and automakers may not voluntarily take on this added burden and expense.

Additionally, it can be difficult for automakers to update a vehicle’s ECU or to get consumers to care enough to install software and firmware patches.

Hackers use these security vulnerabilities to:

  • Hijack the ECU
  • Gain access to the vehicle
  • Stop the vehicle, make it accelerate, make it brake, or turn it off to support a ransomware attack
  • Install malware to steal the owner’s personal information

What Personal Information Hackers Can Obtain?

It is estimated that self-driving vehicles will generate and consume approximately 40 terabytes of data for every eight hours they are driven, today’s modern smart car does not use quite as much data. Nonetheless, it still collects and compiles massive amounts of data. One Harvard study reported that smart cars collect the following types of personal information about their drivers:

  • Name
  •  Age
  •  Gender
  • Weight
  • Insurance information
  •  Location
  • Routes taken
  • Time spent at locations
  • App data usage
  • Images your vehicle takes
  • Driving behavior

The study concluded that the manufacturer who makes your smart car most likely owns this data, so it is free to give it or sell it to whomever it wants. Information stored in today’s smart cars could potentially affect insurance rates. The day may come when a person’s driving records are affected and violations are issued based on just this type of data.

The Federal Trade Commission has published a report regarding the type of data that smart cars can collect and warning consumers about the safety and privacy concerns about this data. However, there are no federal consumer protection laws regarding the use of big data in smart cars in The United States today.

Any time that a hacker has access to your personal information, there is a possibility that they can use this information to steal your identity, exploit you, or use it for nefarious purposes. Consumers may want to periodically review their driving records to ensure that they are not inaccurate. Additionally, routine identity theft monitoring can help mitigate this risk.

The Need for Vehicle Cybersecurity Reforms

Currently, the National Highway Traffic Safety Administration’s cybersecurity requirements are limited. It only encourages the automotive industry to adopt practices that improve cybersecurity. There are no federal guidelines in place in the United States that mandate the safeguarding of consumer information in smart cars or other regulatory frameworks.

Reform is needed to help prevent attacks, which may include new regulations regarding all of the following:

  • A host-based defense – Host-based defenses could be built into the vehicle’s ECU. Such a defense could help prevent the vehicle from becoming compromised or making the owner a victim of a ransomware attack.
  • Stronger development standards – The standards for vehicle systems and apps could be made stronger to further prevent attacks and security vulnerabilities. Having stronger systems at the beginning of development could also minimize the need to constantly install security patches.
  • Ongoing assessments – Auto manufacturers could conduct ongoing security assessments of their vehicles and scan for potential vulnerabilities. Having a team attempt to penetrate the vehicle’s layers of security could help identify vulnerabilities and correct them before the vehicle is released into the market.

Upcoming Automotive Cybersecurity Regulations

Some participants in the automotive industry and regulatory framework have taken notice of the security issues surrounding connected cars. For example, the United Nations Economic Commission for Europe is currently working to implement regulations that would improve cybersecurity and the management of software updates. These regulations are expected to become effective in July 2024 in the European Union. Additionally, Japan and Korea have agreed to abide by the standards. However, these standards do not apply to North American automakers, making it even more important for regulators to create meaningful reforms for this segment of the market.

Protecting Yourself from Vehicle Cybersecurity Threats

Until regulators adopt the necessary reforms, some ways that you can protect yourself from real-world cybersecurity threats include:

  • Update the information in the vehicle so that the previous owner or dealer cannot access it
  • Avoid installing software on your vehicle that is not approved by the manufacturer
  • Set a strong password and remove the default password in your vehicle
  • Install software security patches
  • Hire a trusted mechanic to look for security vulnerabilities

The Bottom Line

As vehicles continue to be connected and reliant on information systems, consumers are more vulnerable to potential attacks. Consumers should anticipate cyberattacks on their vehicles and ensure that they take all necessary precautions. Reform is necessary to protect the public, but it may lag behind the advent of new technology. Ultimately, consumers must make informed decisions about the risks and benefits of any technology they use while giving serious consideration to security vulnerabilities.

 

Author’s BIO: Ben Hartwig is a web operations director at InfoTracer. He authors guides on marketing and entire cybersecurity posture and enjoys sharing the best practices.   You can contact the author via LinkedIn.