Automobiles are starting to resemble robotic smartphones on wheels. Unfortunately, that makes them a pretty juicy target for would-be hackers.
So far there have been relatively few incidents of car hacking beyond demonstrations by security researchers. However, GM CEO Mary Barra said today that car security would become a significant public safety issue in the years to come. “A cyber incident is not a problem just for the automaker involved,” Barra said at an industry conference held in Detroit. “It is a problem for every automaker around the world. It is a matter of public safety.”
Barra said the industry would need to collaborate on the problem: “We view cybersecurity not as an area for competitive advantage, but as a systemic concern in which the auto industry’s collective customers—and society at large—are best served by industry-wide collaboration and the sharing of best practices.”
Security researchers have shown for years that cars can be hacked, and the risk has increased as cars have become more computerized and networked (see “Is Your Car Safe from Hackers?” and “Your Future Self-Driving Car Will Be Way More Hackable”). There have also been a few real-world hacking episodes, including cases of thieves stealing vehicles after connecting to their computer systems and a disgruntled employee disabling more than 100 vehicles using an after-market immobilization system.
Following such episodes, carmakers have begun stepping up efforts to design vehicles to be more secure, but some experts warn that more needs to be done (see “Carmakers Accelerate Security Efforts After Hacking Stunts”).
In her speech, Barra also hinted at some of the threats car owners might soon face as hackers turn their attention from smartphones and laptops to vehicles. “The threat landscape is continually evolving, and sophisticated attacks are specifically designed to circumvent even the most robust defense systems,” she said. “Whether it is phishing or spyware, malware or ransomware, the attacks are getting more and more sophisticated every day.”
The Alliance of Automobile Manufacturers, an association of 12 carmakers including GM, Ford, BMW, Volkswagen, and Toyota, and the Association of Global Automakers, an industry trade association, this week released a set of best practices on automotive security. These include recommendations to share information about vulnerabilities and to design systems with security as a priority.
Under Barra, GM has taken a more aggressive approach to technology, developing vehicle-to-vehicle communications and automated driving systems. The company recently bought Cruise, a company developing after-market automated driving systems, and has invested in the ride-hailing company Lyft.
GM pioneered the use of connectivity with OnStar, a subsidiary that provides hands-free calling, navigation services, and diagnostics through a dedicated cellular link. Other carmakers, such as Tesla, have taken the idea much further, though, allowing a vehicle to be upgraded or reconfigured over the air.