Car Hacking from the Couch
Imagine driving along the highway at 70 mph. Suddenly, the air conditioner begins blasting cold air, the radio switches stations and the volume jumps.
Cruising toward an overpass with no shoulder, you lose control of the accelerator. RPMs climb and speed drops as the transmission is disabled.
Ten miles away, a hacker sits comfortably on his couch while he wreaks havoc with your car’s systems.
This scenario may seem like the stuff of science fiction, but it has already been demonstrated by security researchers looking to show vulnerabilities in connected cars. And while it’s a frightening prospect, it should hardly be surprising.
Consumers value bandwidth, apps and connectivity in the way previous generations compared horsepower and torque, and manufacturers have rushed new features to market faster than they’ve been able to secure them. With up to 100 million lines of code, today’s vehicle is a rolling, ragtag collection of industrial-era technologies and outdated, poorly tested code.
Industry initiatives such as the Automotive Open System Architecture (AUTOSAR) and the Japan Automotive Software Platform and Architecture (JasPar) were developed to standardize vehicle control systems. In the United States, the Security and Privacy in Your Car (SPY Car) Act introduced in July 2015 would direct U.S. federal agencies to create standards requiring automakers to secure cars and protect drivers’ privacy.
Suresh Mandava, associate partner for Internet of Things and big data security at CSC, says the industry should learn from aerospace and defense manufacturers and invest in quality coding and stringent testing to reduce the code footprint and standardize hardware components and software platforms.
“Security needs to be baked into the engineering and architecture of the connected car platform — not be an aftermarket fix,” Mandava says.