Connected, self-drive cars pose serious new security challenges

July 23, 2016 by Joseph Szczesny
US Assistant Attorney General for National Security John Carlin told an auto industry conference hackers could remotely control cars with consequences "much greater" than the Nice attack

In a world where motor vehicles can be weapons and cars increasingly depend on internal computers and internet connections, automakers are under increasing pressure to find ways to guard against cyber-attacks.

Auto industry chiefs, security experts and government officials warned at an conference here Friday that hackers can threaten to do everything against cars that they do to other computers: remotely steal owner information, or hijack them and render them more dangerous than the truck that killed 84 people in Nice, France on July 14.

"When you look at autonomous autos, the consequences are so much greater" than the Nice attack by a possibly Islamic State-inspired man, said John Carlin, assistant US attorney general for national security,

"We know these terrorists. They don't have the capability yet. But if they're trying to get people to drive truck into crowds, than it doesn't take too much imagination to think they are going to take an and drive it into a crowd of people," said Carlin.

General Motors' chair and chief executive Mary Barra said that the advanced information technology that comes in new cars, especially "connectivity" systems linking cars to the internet, creates huge new challenges.

"One of these challenges is the issue of cybersecurity, and make no mistake, cybersecurity is foundational," she said.

Barra pointed to the need to protect the of customers who use their in-car system for banking or to pay for other services.

"The fact is personal data is stored in or transmitted through vehicle networks," she said.

On top of that is the complexity of the newest auto IT systems, which, she said, "opens up opportunities for those who would do harm through cyber-attacks."

"Cybersecurity is an issue of public safety," she said.

Carlin said cyber-attacks generally have cost the US economy billions of dollars, and that the problem is that hackers often outrace efforts to strengthen security.

That will be the case for the auto industry, especially as it pushes ahead with self-driving cars, he said.

General Motors' chair and chief executive Mary Barra said advanced information technology in new cars, especially "connectivity" systems, creates huge new challenges
"We know these terrorists. They don't have the capability yet. But if they're trying to get people to drive truck into crowds, than it doesn't take too much imagination to think they are going to take an autonomous car and drive it into a crowd of people," said Carlin.

The problem, said Steven Center, a Honda Motor Co. vice president, is that car makers are under pressure from consumers to add more and more connectivity features to their vehicles.

Using white hat hackers

The landscape is changing fast, according to Jonathan Allen, a cybersecurity expert with Booz Allen who is helping car makers and their suppliers organize to deal with threats.

Up until only two years ago, manufacturers tended to downplay the threat posed by hackers, he noted. But there has been a significant cultural shift within automotive business, which is now taking the challenge very seriously.

For one thing, the threat to the reputation of carmakers is far more substantial, noted Josh Corman, founder of I am the Cavalry, a cybersecurity consulting firm.

Online fraud is one thing, but hacking into cars could actually threaten "flesh and blood", so that have to be even more vigilant, he said.

Jeffrey Massimilia, GM's chief cybersecurity officer, said sharing information broadly across the industry is one of the keys to fighting off the threat.

Within the past year, the industry and key suppliers have gotten government approval to share information among themselves on cybersecurity without the threat of anti-trust action.

Automakers are also recruiting "white hat" hackers who help hunt down vulnerabilities in the IT systems of cars.

"We should have a way for people to find things and report them," said Titus Melnyk, senior manager of security architecture at Fiat Chrysler Automobiles (FCA), which recently invited "the bug crowd" that looks for weaknesses in new software, smartphones, computers or consumer electronics.

"These threats are evolving.... At FCA we take that seriously," he said.

Explore further: Fiat Chrysler offers hackers bounty to report cyber threats

Related Stories

Tesla courts hackers to defend high-tech cars

August 9, 2015

Hackers swarmed a Tesla sedan in a 'hacking village' at the infamous Def Con conference on Saturday as the high-tech electric car maker recruited talent to protect against cyber attacks.

Recommended for you

Meteorite source in asteroid belt not a single debris field

February 17, 2019

A new study published online in Meteoritics and Planetary Science finds that our most common meteorites, those known as L chondrites, come from at least two different debris fields in the asteroid belt. The belt contains ...

Diagnosing 'art acne' in Georgia O'Keeffe's paintings

February 17, 2019

Even Georgia O'Keeffe noticed the pin-sized blisters bubbling on the surface of her paintings. For decades, conservationists and scholars assumed these tiny protrusions were grains of sand, kicked up from the New Mexico desert ...

Archaeologists discover Incan tomb in Peru

February 16, 2019

Peruvian archaeologists discovered an Incan tomb in the north of the country where an elite member of the pre-Columbian empire was buried, one of the investigators announced Friday.

Where is the universe hiding its missing mass?

February 15, 2019

Astronomers have spent decades looking for something that sounds like it would be hard to miss: about a third of the "normal" matter in the Universe. New results from NASA's Chandra X-ray Observatory may have helped them ...

What rising seas mean for local economies

February 15, 2019

Impacts from climate change are not always easy to see. But for many local businesses in coastal communities across the United States, the evidence is right outside their doors—or in their parking lots.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.