Even though we’re still waiting for our jetpacks, hoverboards, and flying cars (looking at you, scientists), people from 2 generations ago would probably view our world as something out of sci-fi.
Think about it: we use our phones to find out everything from the night’s movie times to who the president of Burundi is — without talking to a single person. We can talk to our cars as if they were people. And our cars can take over for us if we happen to lose attention and drift. All pretty cool — especially if you have a hankering for a “damn fine piece of pie” or happen to nod off for a second (i.e., fall into a microsleep).
On the other hand, we’ve got groups like Anonymous capable of shutting down such seemingly impregnable federal websites as FBI.gov. We get emails from supposed Nigerian princes and the hacked accounts of friends promising or asking for vast sums of money. We live in a world where our credit card numbers — and our very identities — can be taken and used by others if we’re not careful.
And soon, a National Academy of Sciences panel warns, we may need to worry about hackers breaking into our cars, too.
How car hacking can occur
The problem is that modern-day cars have 2 sets of computerized systems: one that controls informational and entertainment (infotainment) devices like OnStar® (which will soon have social network integration), and another that controls vital functions like braking.
And unfortunately, though they’re designed to be entirely separate, it could be possible for savvy hackers to exploit the entertainment computers to access the safety-related ones.
Stefan Savage and Tadayoshi Kohno — professors at UC San Diego and University of Washington, respectively — have found ways to exploit cars’ telematics systems, which make mobile communications possible. They also managed to insert an infected CD into a car’s compact-disc player and use it to control safety systems.
No real-world hackers seem to have pulled the trick off — yet. But a National Academy of Sciences panel is urging automakers to develop solutions before car hacking becomes a dangerous reality.
In fact, SAE International, the Society of Automotive Engineers, is already working to develop industry standards for in-car electronics that will help address just this problem. But even with these standards in place, it could be difficult for authorities to identify cybersecurity vulnerabilities.
After all, automakers and safety experts aren’t cybersecurity experts. In fact, authorities already have their hands full investigating normal malfunctions in auto electronics. And a recent study proves it.
NHTSA ill-prepared to assess modern car electronics
According to the National Research Council (NRC), the National Highway Traffic Safety Administration (NHTSA) lacks the tools and knowledge necessary to properly analyze in-car electronics’ safety. (Including how secure they are against cyber attacks.)
In a recent 162-page NRC study requested by the NHTSA, the research council declared 2 major findings. One, that the NHTSA had been correct in saying that it could find no electronics defects behind recent unexpected acceleration troubles with Toyotas. And 2, that despite the accuracy of these findings, the NHTSA isn’t equipped to keep up with high-speed developments in cars’ electronic devices.
To address the problem, the NRC has issued several recommendations, including the appointment of an outside technical advisory panel to help the NHTSA.
Now that you know a little more about car hacking, what do you think? Will cybersecurity someday be an important consideration when buying a car? Do you think the NHTSA is properly prepared to handle issues involving the complex electronics in today’s cars? Let us know.