A modern by-product of cars today is the need to protect them from cyber security threats. We have all experienced some form of technology security issue from a simple virus to a “denial of service” attack where a system is overloaded on purpose to the point it fails. I wrote an article about technology security earlier this year.
In most instances, the issue turns out to be more of an annoyance than a critical and life threatening event. Unfortunately that cannot be said of new cars – especially autonomous ones that create and collect huge amounts of data. With today’s Big Data processing systems it is possible to combine data from vehicles, phones and other devices to be able to see what a human is doing. If this data is stolen, it could be used for illegal purposes.
With more and more computing power being fitted to cars to manage the vehicle, it is already a concern for the manufacturers that the data and the Central Processing Unit (CPU) are secure. The ISAC – Information Sharing and Analysis Centre – has been set up by the industry already. They are concerned that if a CPU is compromised or taken over then the vehicle can be hijacked. In fact they claim that a crim needs to be within 500 feet of a vehicle to gain access.
We have seen vehicles already hijacked in controlled circumstances – back in 2015 a Jeep Cherokee was shutdown when researchers were able to tunnel through the infotainment system to the ECU. This resulted in a recall that affected 1.4M FIAT, Chrysler, Jeep and other group marques. Later a Tesla Model S was hacked and control of the vehicle was taken over by other researchers. In this instance, the recall closed six “vulnerabilities” found in the code.
We are now five years on from those controlled hacks and more vehicles including trucks are being tested for autonomous use. We have seen high profile accidents with autonomous vehicles, all of which I would put down to human error rather than a software failure and that includes the fatal Tempe accident involving a self driving Uber under test – the driver who should have been alert, wasn’t.
The concern is really about what is happening to the data generated from an autonomous vehicle – is it retained exclusively in the car until it is securely downloaded and processed, or does the data get transmitted back to base on the fly. If it does, is that communication link encrypted? Then, if the data is collected in a central point and cleansed of personal identifiers, how is that data stored – and secured?
We have seen data breaches in many industries that has seen personal information stolen and this will happen with vehicle data for sure – there is always a way to gain access to data! Imagine an entity that cripples transportation during rush hour, or takes control of vehicles and kidnaps the occupants or worse, uses the vehicle as a weapon. These are scenarios that the manufacturers and controllers of the data have to be aware of and plan against.
The fascinating thing is that car manufacturers will find themselves transforming from being factory owners to being data centre owners. Like Apple and other consumer electronics companies who morphed from only selling hardware to selling data based services, I can see the auto manufacturers doing the same. Let’s hope they learn from the issues that have affected other industries in recent times.