Lack of cyber security poses threat to modern cars

January 31, 2017, Delft University of Technology
Credit: Shutterstock

Cars are becoming increasingly smarter and are connected with each other and their surroundings to an increasing extent via their on-board systems. From April 2018, it will be mandatory for all new cars manufactured in the EU to be connected via eCall (emergency call). However, these mobile computers are not designed to keep malicious hackers at bay. The automotive industry needs to take the lead in order to improve cyber security. This is the conclusion of Hebert Leenstra derived from his research into the automotive industry conducted at the Cyber Security Academy in The Hague. Herbert Leenstra believes that it is high time for a complete overhaul of the ICT architecture in cars to ensure that consumer safety is guaranteed.


Connected cars, including self-driving cars, are in constant communication with their surroundings. All modern cars are fitted with microchips featuring software that controls various functions of the car, such as engine management, navigation and the entertainment system. This software uses Bluetooth, WiFi, 4G/5G or satellites to communicate with other cars and networks. Herbert Leenstra explained, 'It is fairly easy to gain access to the vehicle's CAN bus using the internet. The CAN bus is where all of the ICT systems come together, essentially the car's cyber backbone. This is where you can adjust all the car's settings, so hackers who gain access can directly influence the car's safety devices. In 2015, hackers successfully gained access to an American Jeep Cherokee while it was on the road. They were able to jam the brakes and adjust the speed of the vehicle.'

Fundamental flaws

The research found fundamental flaws in the ICT architecture of the current generation of vehicles. Leenstra clarified, 'The research shows that there are various ways for hackers to access the car's ICT system. For example, the entertainment system currently grants access to the engine system, while there is actually no plausible reason for these two systems to be linked. Now that the current generation of cars is connected to the internet, hackers can also use the internet to hack various car systems.'

Lack of cyber security poses threat to modern cars

The research has resulted in concrete steps being identified, which the various parties in the automotive sector can take to improve cyber security in cars. Leenstra added, 'Firstly, need to redesign the current CAN bus system in their cars so that the car's essential and non-essential systems are separated. This would make them less susceptible to hacking. Secondly, the government needs to offer confirmation on several fundamental principles, so that the is able to build upon solid foundations. For example, the industry is awaiting answers on subjects including the length of time that car manufacturers are required to support car software updates, security patches and firmware updates. Another question concerns how the updates should be implemented. Such an update could proceed via a USB stick or via the internet, but a USB stick can naturally hold all sorts of information.'


Leenstra also thinks that improvements could be made regarding the role played by insurers, sharing information about incidents and expertise on . Leenstra clarified, 'Europe could follow America's lead and establish a car Information Sharing and Analysis Center (ISAC). Within an ISAC, all involved parties share their information and experiences regarding security.' And the consumer? 'Consumers should be sure to ask their dealer critical questions about how cyber secure the car is, and how the manufacturer can prove the car's credentials.'

Explore further: Call issued to white hat hackers—find the flaws in new automotive software updater

More information: Multi-actor roadmap to improve cybersecurity of consumer-used connected cars. … inal-v11-01-2017.pdf

Related Stories

Tesla courts hackers to defend high-tech cars

August 9, 2015

Hackers swarmed a Tesla sedan in a 'hacking village' at the infamous Def Con conference on Saturday as the high-tech electric car maker recruited talent to protect against cyber attacks.

Recommended for you

Permanent, wireless self-charging system using NIR band

October 8, 2018

As wearable devices are emerging, there are numerous studies on wireless charging systems. Here, a KAIST research team has developed a permanent, wireless self-charging platform for low-power wearable electronics by converting ...

Facebook launches AI video-calling device 'Portal'

October 8, 2018

Facebook on Monday launched a range of AI-powered video-calling devices, a strategic revolution for the social network giant which is aiming for a slice of the smart speaker market that is currently dominated by Amazon and ...

Artificial enzymes convert solar energy into hydrogen gas

October 4, 2018

In a new scientific article, researchers at Uppsala University describe how, using a completely new method, they have synthesised an artificial enzyme that functions in the metabolism of living cells. These enzymes can utilize ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.