And what can we do about it?
By Martin Banks
With more connected devices than ever, cybersecurity is a more prominent issue today than ever before. You’ll see articles and discussions about security for computers, smartphones, and wearables, but these may not cover everything. As more vehicles are including internet-based functions, should we be worried about vehicle hacking?
Ten years ago, this question would seem like nothing but science fiction. Now that we’re on the cusp of the driverless vehicle revolution, though, it may require some attention. Here’s a closer look at connected cars and whether they present a cybersecurity risk.
The Rise of the Connected Car
To understand the gravity that vehicle hacking may present, you first have to know how prevalent connected vehicles are. When you look at the data, you realize these technologies may be more widespread than you thought. There were more than 50 million shipments of connected cars in 2019, up 45% from the year prior.
With an adoption rate like that, it won’t be long before connected cars cover the roads. Not everyone needs to drive an internet-enabled vehicle for them to impact everyone, either. Any hacked automobile endangers nearby drivers and passengers, so even with a low penetration rate, they could be risky.
Cars aren’t the only connected vehicles out there, either. Other modes of transportation, like ships, are also becoming increasingly connected.
How Are Vehicles Vulnerable?
It’s evident, then, that there are enough connected vehicles for hacking to be a concern. The number of potential targets isn’t the only factor at play, though. You also have to consider what makes these cars targets in the first place.
The answer to this one is relatively straightforward. You can hack almost anything with an internet signal, especially if it’s an active connection. Internet-based functions in cars, like online radio, are active as they send and receive commands, meaning you can hack them.
Some vehicles use the Internet of Things (IoT) devices to do things like track engine performance or measure fuel efficiency. These sensors provide hackers with another point of entry if they don’t include proper security features.
Is There a Precedent for Vehicle Hacking?
So has anyone hacked into a vehicle before? Yes, and vehicle hacking incidents may be more frequent than you’d think. According to the cybersecurity firm Upstream, there were roughly 150 car hacking incidents in 2019.
Considering how many connected cars there are, that figure isn’t that massive. You should also consider that this number also includes hacks on automotive companies, not just cars themselves. Still, it represents a 99% increase over 2018’s hacking incidents, which is a troubling trend.
While these real-world instances may not have been too harmful, tests show that they could be. In 2015, hackers remotely cut the power of a Jeep as it was driving in a demonstration for Wired. If this were to happen outside of a safety showcase, it could have disastrous results.
Responses from Manufacturers
Some good news is that vehicle manufacturer are aware of these potential risks. After the 2015 Wired hacking demonstration, Fiat Chrysler sent 1.4 million car owners to flash drives containing software patches. Similarly, Tesla updated all Model Xs after researchers hacked into one and activated its brakes.
Both of these instances involve manufacturers responding to an issue they initially missed. Had malicious actors exploited these problems before white-hat hackers, they could’ve been much more severe issues. Still, with these cases attracting media attention, more manufacturers will take cybersecurity seriously while in production.
As vehicles become more teched-out, it means more tech experts are involved in the design and production process. With the presence of these voices, manufacturers could take a greater interest in cybersecurity.
Defending Against Vehicle Hacking
Drivers of connected cars aren’t helpless concerning cybersecurity. Built-in cybersecurity systems are a necessary step in vehicle production, but drivers can protect themselves in other ways. The rising concerns over vehicle cybersecurity have led to the emergence of companies selling third-party security solutions for cars.
Operators using IoT devices in their vehicles should ask the device providers about security features. Experts also recommend that they require transparency and high standards from any company that receives data from these sensors. Fleets shouldn’t work with any business that doesn’t showcase appropriate data governance.
If more owners and drivers speak up about security issues, manufacturers will likely respond to the market pressure. As the public shows interest in security, the producers will offer it.
Security Expert Recommendations
To recap everything we’ve established so far: hacking vehicles is possible and has some precedent, and manufacturers are addressing the issue. Additionally, drivers can protect themselves as a supplementary layer of security. The last step in deciding whether this is a cause for worry is looking to the experts. So what do they think?
Cybersecurity authorities have become increasingly concerned with vehicle hacking in the past few years. Late last year, the Federal Bureau of Investigation (FBI) warned of growing cyberthreats in the automotive industry. The Bureau cited the increase of data coming from vehicles as a reason why hackers may target cars.
In response to these threats, the FBI suggested auto companies take cybersecurity more seriously. Notice they didn’t say to abandon the concept of a connected car altogether. Manufacturers should just keep security at the forefront.
Vehicle Cybersecurity Today and Tomorrow
With all these factors in mind, should we be worried about vehicle hacking? There may not be a cause for worry, but there is certainly reason for increased concern. This issue is a minor one right now, but it’s also growing. It requires adequate attention, but not panic.
Vehicle hacking isn’t a widespread problem today, but it could become one in the future. Manufacturers should start investing in more thorough security solutions as they add more internet-enabled functions to their automobiles. By addressing these issues today, we can stop a crisis tomorrow.
The Age of IoT Brings New Challenges
Technological revolutions always come with some growing pains. As the IoT becomes more prevalent, cybersecurity likewise turns into a more pressing concern. That doesn’t mean we should avoid the era of connectivity, but that we should take care to secure it.
You shouldn’t worry about vehicle hacking, but you should take it seriously. With a widespread effort to combat security issues before they appear, the future of connected vehicles will come sooner.
About the Author
Martin Banks is the founder and Editor-in-Chief of Modded. You can find his writing all over the internet. He covers tech, gear, cars, and more.