Car hacking: Are car makers prepared for cyber attacks?

By dpa | 31 January 2019


MUNICH: In 2014, Charlie Miller and Chris Valasek shocked the car industry by showing how easily they could hack a car: The duo were able to remotely control a Jeep's air conditioning, windscreen wipers and even the accelerator.

As more and more technology creeps into our cars — designed to make life easier, of course — the fear of somebody hacking into the system and possibly doing serious damage is becoming increasingly realistic.

"Networks are a gateway," says police commissioner Alexander Rimkus, who wrote a thesis on safety gaps and manipulation. Anyone who wants to cause trouble can find a vulnerability in the system.

For car hacking, you need to be clever, and also need money for the right equipment, says Stefan Roemmle, who is in charge of security development at Continental. But Rimkus says that there are enough criminal groups that can provide the right components — "cybercrime as a service" is how they put it.

According to Rimkus, cyber criminals today are mainly focused on blackmailing people. For example, if a hacker can get into the system of an entire fleet of cars, then that would be a very attractive method to blackmail a big company. But the 23-year-old also sees terrorist attacks on vehicles and traffic systems as a potential threat in the future.

Rimkus says there is no real solution to this vulnerability yet. But, one option would be to eventually only allow certain autonomous cars that have been certified as being safe on the roads.

"If I look back on the past few years, then cybersecurity has definitely become an increasingly important topic in the car industry," says Peter Schiefer, a specialist for semiconductors in the car industry. The company he works for, Infineon, delivers safety technology to carmakers.

Continental's Roemmle says that completely networked cars will be the norm by 2025, when every new car will have this technology. "Completely networked" means that cars will be able to communicate with each other and the surrounding infrastructure, such as traffic lights.

"Every car that is newly registered in Europe today can automatically connect the emergency call system E-Call, which means it can connect to the web," says Schiefer. He thinks that in five years time, there will be more than 100 million connected cars on the roads.

Other gateways for cyber criminals are all interfaces that exchange data with the central control system. "Every single device must be safe," says Roemmle. To avoid the nightmare scenario of having an entire fleet shut down because of hackers, Roemmle says Continental is "taking steps."

For German carmaker Volkswagen, the issue is a ticking time bomb. Rolf Zoeller, the company's head of electric and electronics development, says VW is focusing on taking "absolutely appropriate countermeasures at the highest technical level," and that the carmaker is taking hacking "extremely seriously." In 2016, Volkswagen and a group of Israeli experts founded a new company to focus on cyber security.

Manufacturers and providers also need to keep an eye on their vehicles' longevity. "The capabilities of attackers will be vastly different in five years than now," says Thomas Rosteck, head of the security department an Infineon. "So I need to already start thinking about how I want to be able to react, so how I can adapt security." Vehicles need to be prepared for potential attackers in advance.

IT security company Trend Micro estimates that the biggest weaknesses can be found in cloud technology. The company's experts assume that attackers will use artificial intelligence for cyber crime in the future. Continental's Roemmle says its vehicles' security levels in the cloud were equally secure as online banking services.

Roemmle also explains that each car has a digital key, that can shut down certain functions of the car if it detects unusual outside influence on the system.

According to experts, the kind of attack demonstrated by Miller and Valasek in 2014 would not be possible now. But it is, and will continue to be, a constant battle over who has the technological upper hand.

Keywords