Dark Side of Vehicle Connectivity Uncovered at Cybersecurity Conference | Edmunds

Dark Side of Vehicle Connectivity Uncovered at Cybersecurity Conference

LIVONIA, Michigan — Cybersecurity experts from several industries discussed the "dark side" of connected vehicles at a conference this week conducted by the Center for Automotive Research.

The issue is a "real and growing threat for the automotive industry," said Dr. Andrew Brown Jr., Delphi Automotive's vice president and chief technologist.

One panelist called 2015 "the year of auto cybersecurity."

Key findings that should concern consumers: Most of today's vehicle networks were not intended to be secure and most vehicles have over 50 vulnerable attack points.

Almost every automaker in the U.S. has a connected telematics service, a key area that is currently the first point of attack for hackers, according to panelists.

These services include GM's OnStar, Ford Sync, Chrysler Uconnect and BMW Assist.

There are many benefits to connected cars, of course, including easy access to smartphone and onboard apps, accessibility to cloud-based apps and data, real-time software updates and increased safety through vehicle-to-vehicle and vehicle-to-infrastructure communication.

But, as is the case with computers, tablets and smartphones, these benefits bring along with them a number of potential threats that need to be anticipated and thwarted.

As previously reported by Edmunds, a security flaw was recently uncovered through testing that could have allowed 2.2 million BMW, Mini and Rolls-Royce vehicles worldwide to be remotely unlocked by hackers through BMW's ConnectedDrive system. The problem was resolved with a security patch.

It hasn't happened yet, other than in tests, but the idea of a hacker taking control of a car to crash it, steal it or even use it as a weapon is enough to make some drivers start shopping for a well-restored classic vehicle. Maybe something from the 1950s.

Dr. Anuja Sonalker, lead scientist and program manager for research firm Battelle, said at the conference, hackers could use a connected vehicle as a "springboard" to gain access to a variety of confidential personal data.

For example, smartphone or cloud-based apps could provide entry into a driver's credit cards, bank accounts or other financial information.

And a recent report by Senator Edward J. Markey (D-Mass.) found that "there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information."

Many of the conference speakers echoed the conclusion of Senator Markey's report.

Efforts are well underway to meet the challenges.

Praveen Narayanan, the research manager for automotive and transportation at Frost & Sullivan, called 2015 "the year of auto cybersecurity," noting that the topic has exploded over the past 18 months.

Suggested improvements include bringing higher-quality software engineers into the automotive industry; establishing cooperative relationships between manufacturers, suppliers and researchers; using "white-hat hackers" to test security measures; establishing industry-wide standards and platforms; firewalls separating critical components; and building redundancies into vehicle communication systems to ensure multiple verifications of signals.

Edmunds says: As vehicle connectivity increases, consumers will be watching closely to see how well automakers are able to meet these cybersecurity challenges.

Leave a Comment