Ever More Computerized, Cars Are Hackers' Next Prime Target
A new, particularly scary version of an automobile 'break-in'.
TEL AVIV — Just like every other day, seconds after your car engine starts, your automobile computer asks whether you wish to connect your smartphone. You confirm as always, and the car links within seconds to Facebook, Waze and Google. But imagine if today, the data is flowing not only to your car’s computer but also to malicious hackers.
This is no fantastic scenario. Many of today’s high-end cars “speak” with smartphones that can regulate the vehicle’s various controls. The technology even exists in such common car models as the latest Toyota Corolla.
“You can’t honestly say something is impossible,” Ford’s director of information technology, security and strategy Rich Strader said in an interview three years ago, when the technology was in its infancy. He said then that information threats were continuously evolving.
Given the rapid technological development since 2011, automakers are now busy assessing future threats. Israel, where a wealth of IT security technologies have been developed in recent years, is a hub for the global car industry's search for a range of solutions for combating breaches and information theft from cars.
Israel Ron, CEO at Spotem, which deals with information security, says hacking a car's information is no longer the stuff of sci-fi. He explains that vehicles are connected to their environment on three levels: 1. between the entertainment system and the cloud via apps; 2. through inter-vehicle communication, a technology that will be relevant within a few years and will allow cars in close proximity to communicate; 3. between the car and nearby infrastructure — for instance, a traffic light that informs the car the light is about to change.
“Each of these has the potential of allowing a harmful crack," says Ron, who advises the global car industry on information security. "Cloud apps include a lot of information, and once you allow an app in the car’s ‘brain,’ a breach is created through which information could leak.”
Cracking a car’s firewall could cause serious damage, he says. “For example, it’s possible to take over the car’s fans and then cause the engine to overheat. If the car is linked to a cloud, it’s possible to misguide the navigation system and even create traffic jams. When a car is connected to a smartphone, this is a particularly easy task for a trained hacker who would know how to break the defenses.”
Erez Kreiner, president of Five C, an information security company, agrees. “When you drive a car, you’re driving a computing system that is vulnerable to cyber-threats,” he says. “In recent years a reprogramming feature has been added to car computers. Today, it could take merely Windows software to change parameters in these computers. Lately, the different parts of the car communicate with each other and with external systems using a wireless technology. Now cars are able to use wireless communication to tell the manufacturer a repair might be needed. Some cars can even tell when they are nearing a traffic light. This information is accessible to hostile parties, and the issue of virus penetration into cars has become more relevant than ever.”
Sky (and cloud) is no limit for malice
“With the appropriate resources, the sky is the limit for any malice,” Kreiner says. “It’s possible to cause damage to a specific person the same way it is possible to hack into his email account." He notes that once a car’s number is identified by a hacker, it is possible to reach the owner’s most private details, to know what their driving route is, who their friends are.
Today, for example, some cars can even park themselves — the computer controls the steering wheel and the brakes. "If a hostile party gets hold of this system, it could end with an accident," he says. "The same way hackers break into computer systems just for the glory, they can also harm cars, blackmail the owners. The fact that automakers have been discussing anti-viruses and firewalls for cars is no coincidence.”
Kreiner says the defense for this type of crime are systems that can determine if and when something is going wrong. “You can’t escape the fact that soon securing cars’ computers will be as routine as fueling the cars. Automakers are already on it, mainly with contractors such as IT specialists, and carmakers’ computers will be secured the same way big corporations secure their computers.”
All of which is not to say that drivers should be paralyzed by fear. “One should view things in proportion,” says Kreiner. “The hacking issue is no secret, and carmakers are aware and do the best they can to implement the appropriate protections. But we shouldn’t forget that mobile phones are a popular, computerized device whose security occupies the brightest minds, and still they can be hacked.”