As cars go increasingly digital\u2014and connected\u2014cyber security experts worry that they also are becoming a lot more vulnerable<\/h4>\n

Security experts paint a grim picture of what might lie ahead with a growing threat of malicious hackers accessing connected cars remotely<\/h4>\n

Hackers may have a new target in their sights\u2014one that\u2019s just as central to everyday life as computers are.<\/p>\n

Our cars.<\/p>\n

As vehicles fill up with more digital controls and internet-connected devices, they\u2019re becoming more vulnerable to cybercriminals, who can hack into those systems just like they can attack computers. Almost any digitally connected device in a car could become an entry point to the vehicle\u2019s central communications network, opening a door for hackers to potentially take control by, for instance, disabling the engine or brakes.<\/p>\n

There have been only a handful of successful hacks on vehicles so far, carried out mostly to demonstrate potential weaknesses\u2014such as shutting down moving a car and taking control of another\u2019s steering. But security experts paint a grim picture of what might lie ahead. They see a growing threat from malicious hackers who access cars remotely and keep their doors locked until a ransom is paid. Cybercriminals also could steal personal and financial data that cars are starting to collect about owners.<\/p>\n

Or they might get even more ambitious. Some experts warn of a day when millions of fully internet-connected vehicles will be at risk of being hijacked remotely. A mass hack could be catastrophic for the self-driving cars of the future, especially if those cars don\u2019t have steering wheels or other backup systems to let drivers take manual control.<\/p>\n

Now the auto industry and lawmakers are rushing to meet these threats. Congress is proposing new standards that car companies must meet to guard against cyber attacks. Car makers are beefing up their software to make their vehicles tougher to hack, as well as reaching out to benevolent hackers to help them identify potential security flaws.<\/p>\n

While there are disagreements among manufacturers and security experts about the exact magnitude of the possible threats, there is a widespread consensus that action is needed immediately to minimize risks.<\/p>\n

Cyber intrusions have given automakers a \u201cwake-up call\u201d over the past five years, says Phil Jansen,\u00a0Fiat Chrysler\u00a0\u2019s\u00a0vice president for North American product development. \u201cIt has caused us to rethink how we set up architectures\u201d for vehicle electronics.<\/p>\n

The new vulnerability comes as automakers are increasingly using software to control features and functions that have long been dominated by hardware, such as braking, gear shifting, and throttle control. It represents a seminal break from the mechanical hydraulic systems of the recent past, one that began with the introduction of electronically controlled fuel injection in the late 1960s.<\/p>\n

\u201cSoftware is rapidly replacing hardware,\u201d says Colin Bird, a senior automotive industry analyst at\u00a0IHS Markit\u00a0Ltd.<\/span>\u00a0\u201cMore than 50% of a car\u2019s value today is defined by software, and that is continuing to increase.\u201d<\/p>\n

The digital features go far beyond rudimentary diagnostic monitoring systems standard in most cars on the road. Newer cars have modems enabling internet connectivity; today, these are used mostly used for entertainment, but they are fast evolving into portals for software upgrades of critical systems and for sending data to cloud-computing networks.<\/p>\n

Even older models can be retrofitted with Wi-Fi routers and Bluetooth modules that create wireless networks in and around a car, enabling drivers to do things like answer phones hands-free, determine how many miles are left in the tank before the next refill and stream videos to the children in back seats.<\/p>\n

Cybersecurity experts say this has made cars far more like personal computers, with all the vulnerability that comes with that. Yet until recently, network security was largely treated as an afterthought\u2014the systems were designed to give auto mechanics access to a car\u2019s functions, not fend off criminal hackers.<\/p>\n

A handful of widely publicized attacks has demonstrated that vulnerability, including a 2014 incident involving a Jeep Cherokee. Hackers looking to point out potential vulnerabilities found a password to a Wi-Fi hot spot and cellular connections used in the Jeep\u2019s central display and entertainment system. From there, they accessed the car\u2019s internal computer network and took control of functions ranging from the door locks and window wipers to electronically assisted steering. That prompted the recall of 1.4 million vehicles by\u00a0Fiat Chrysler Automobiles and served as a warning to the industry that car networks are no longer islands unto themselves.<\/p>\n

Earlier this year, researchers at Argus Cyber Security Ltd. remotely shut down a car\u2019s engine using a Bluetooth-enabled device that monitors engine performance and downloads vehicle data, made by German auto-parts supplier Robert Bosch GmbH. The company says the device was in limited distribution and that it immediately sent out a patch to fix the flaw. Separately, Bosch said this month that it has developed an encrypted standard for over-the-air software upgrades in vehicles.<\/p>\n

Last month, cyber sleuths at security provider Trend Micro\u00a0Inc.\u00a0disclosed a flaw in almost all cars from the past 30 years that makes any number of safety features\u2014such as anti-lock brakes\u2014vulnerable to attack. First, however, hackers need to gain access to a car\u2019s internal communication network by compromising a device connected to it, such as a smartphone or USB adapters. But once inside, researchers found they could shut down critical systems relatively easily by mimicking\u2014or spoofing\u2014error messages on the central communications network standard in most cars.<\/p>\n

No simple fix<\/h3>\n

\u201cThere\u2019s no simple fix,\u201d says Mark Nunnikhoven, vice president of cloud-computing research at Trend Micro. \u201cThis kind of internal network was never meant to be connected the way it is now.\u201d<\/p>\n

Another immediate concern for safety experts is customer data. Automakers are setting up cars to collect and transmit a wealth of detailed information such as the auto\u2019s location, speed, and even the driver\u2019s alertness\u2014in other words, how, where and in what condition someone drives. Industry officials say carmakers are preparing to roll out connectivity packages allowing owners to interact with service providers and, for example, make purchases by credit card from the car while on the road.<\/p>\n

All of which could make that information a hacking target for spam-based marketers or thieves looking to hijack people\u2019s credit cards or blackmail them using personal information about their whereabouts or state of health.<\/p>\n

Privacy advocates say more safeguards are needed to make it harder for other people to get personal information about drivers\u2014whether the disclosures are authorized or not.<\/p>\n

\u201cCars are for many Americans their second home. I don\u2019t think I\u2019m exaggerating when I say that probably most of us have danced in our car, cried in our car, and we\u2019ve yelled in the privacy of our car,\u201d says Joe Jerome, a lawyer with the Center for Democracy and Technology a Washington, D.C.-based nonprofit advocacy group. \u201cA lot of this technology sort of changes that dynamic.\u201d<\/p>\n

But the really serious threats, security experts say, lie a few years ahead, as internet-connected networks spread across car makes and models. For instance, hackers might lock the doors of an entire model line, extorting the automaker to allow it to regain access.<\/p>\n

\u201cIt is just a matter of time before large-scale attacks occur\u201d on automobiles, Miroslav Pajic, Duke University assistant professor of electrical and computer engineering, said at a June conference on connected cars co-sponsored by the National Highway Traffic Safety Administration and the Federal Trade Commission.<\/p>\n

Elon Musk, the chief executive of electric car-company\u00a0Tesla\u00a0Inc.,<\/span>\u00a0highlighted the danger in a July speech to a gathering of state governors in Rhode Island. Predicting almost all new cars will have the fully autonomous driving capability within a decade, Mr. Musk said that could prompt a \u201cfleetwide hack.\u201d<\/p>\n

In the wake of the recent incidents involving security flaws, and the threat of more, the government is starting to weigh in. Last year, the FBI issued a statement warning the public about the risks of car hacks. A proposed bill that passed the House of Representatives this month and is now headed to the Senate would require automakers to appoint cybersecurity officers and implement plans \u201cfor detecting and responding to cyber attacks, unauthorized intrusions, and false and spurious messages or vehicle control commands.\u201d<\/p>\n

Hoping to stave off regulatory action, 14 major automakers created a forum two years ago, known as the Automotive Information Sharing and Analysis Center, or Auto ISAC, to act as a clearinghouse for industry best practices. The group says it will hold its first summit in December.<\/p>\n

Meanwhile, two leading auto-maker trade groups have spelled out privacy principles regarding personal data to give owners more options, such as providing an ability to opt out of services that share data on location and other metrics and adding protections for owners who opt-in.<\/p>\n

Carmakers are also working to fortify their connected systems. They\u2019re patching flaws in software as they become aware of them, and beefing up security so that spoofed, or fake, messages can be identified and stopped, or stymied if they get past defenses. For instance, car engines might not obey a command to \u201cstart and accelerate\u201d unless air-bag sensors in the car confirmed someone is in the driver\u2019s seat.<\/p>\n

General Motors\u00a0Co.<\/span>\u00a0, the largest U.S. automaker, set up a dedicated cybersecurity group three years ago that currently numbers 80 people. In July, GM hired two cybersecurity experts who directed the Jeep hack in 2014.<\/p>\n

\u201cWe have re-engineered our vehicle-development process to include cybersecurity considerations from the earliest stages of vehicle design,\u201d GM\u2019s chief cybersecurity officer, Jeff Massimilla, told a conference on connected cars in June.<\/p>\n

Last year,\u00a0Fiat Chrysler\u00a0set up a \u201cbug bounty\u201d program to pay hackers for information on flaws that could allow unauthorized access, but the company won\u2019t say if that has identified any vulnerabilities.\u00a0Ford Motor\u00a0Co.<\/span>\u00a0and other global auto makers also have active programs to counter vehicle hacking.<\/p>\n

What level of threat?<\/h4>\n

For now, analysts inside and outside the auto industry agree the systemic risk to cars is limited. Most attacks have been contained to a specific vehicle, and usually require close physical proximity and an intimate knowledge of which connectivity technology is being used. All of the known penetrations of vehicles were orchestrated by cybersecurity experts for demonstration purposes.<\/p>\n

These \u201cwhite hat\u201d hackers are more interested in exposing auto makers\u2019 vulnerability and hubris than causing any harm to drivers. And even \u201cblack hat\u201d hackers may be more of a nuisance than a danger, doing things like disabling a rear camera or erasing a digital-music library.<\/p>\n

Security officials say criminal hackers are more likely to remain focused on targets such as financial institutions that can be penetrated remotely, at greater scale and for some sort of financial payoff.<\/p>\n

And some auto-industry representatives say the threat of systemic hacks is overblown, noting that so far there has never been a successful \u201ccommercial hack\u201d by criminal groups.<\/p>\n

\u201cYes, it provides some potential vulnerabilities,\u201d Dave Schwietert, executive vice president of the Alliance of Automobile Manufacturers, an industry lobby, said at the June conference in Washington. But \u201cthe benefits, we believe, far outweigh the downside risks.\u201d<\/p>\n

Consumers are willing to accept that trade-off when it comes to smartphones and other connected devices, and cars are the next logical frontier for the internet to conquer. But as those connections to the outside world proliferate, so does the potential for exposure to bad actors, says Craig Smith, research director of transportation security at\u00a0Rapid7\u00a0Inc.,<\/span>\u00a0a Boston-based security-data and analytics firm, and author of a guide for penetration testers, \u201cThe Car Hacker\u2019s Handbook.\u201d<\/p>\n

\u201cThere\u2019s always a bug you\u2019re not aware of, so you\u2019re not going to be able to avoid penetration at every point of contact,\u201d says Mr. Smith.<\/p>\n","protected":false},"excerpt":{"rendered":"

As cars go increasingly digital\u2014and connected\u2014cyber security experts worry that they also are becoming a lot more vulnerable Security experts paint a grim picture of what might lie ahead with a growing threat of malicious hackers accessing connected cars remotely Hackers may have a new target in their sights\u2014one that\u2019s just as central to everyday…<\/p>\n","protected":false},"author":6,"featured_media":3811,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[47,55],"tags":[],"_links":{"self":[{"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/posts\/3810"}],"collection":[{"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/comments?post=3810"}],"version-history":[{"count":1,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/posts\/3810\/revisions"}],"predecessor-version":[{"id":3812,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/posts\/3810\/revisions\/3812"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/media\/3811"}],"wp:attachment":[{"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/media?parent=3810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/categories?post=3810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/moovafrica.com\/news\/wp-json\/wp\/v2\/tags?post=3810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}