Alarms are being raised about connected vehicle security

Written by on September 1, 2016 in Guest Blog with 0 Comments

Car thief stealing a car. Hacking into the car system.There are a lot of folks out there concerned about vehicle cyber security! Several public interest groups petitioned the Federal Communications Commission (FCC) to take action over the implementation of Dedicated Short-Range Communication (DSRC) technology that the auto industry plans to implement in connected cars in upcoming months. It seems there is widespread concern regarding vehicle cyber security.

Six consumer groups Thursday filed comments informing the FCC about the dangers of DSRC and nearly 20 consumer groups filed a letter to the FCC to show their general support for the need for a non-commercial condition, and adequate privacy and cybersecurity protections concerning the technology.

The groups argue that the technology will introduce more attack vectors as well as additional vulnerabilities to connected vehicles which already may not be secure for another three years if the technology is used for reasons outside of ensuring safety.

Concerns regarding vehicle cyber security relate to hacking and viruses.

Viruses on computers and other devices spread primarily because those devices talk to one another on networks. Cars are insecure already, regardless of the cybersecurity protections integrated into NHTSA’s small portion of the DSRC band. Even if the communications between DSRC units are encrypted, the devices those DSRC units are connecting are not secure. The forthcoming mandate for DSRC device deployment neatly solves for hackers the last major obstacle to large-scale auto hacking, by providing a mandatory, trusted connection between all cars.

It is a fundamental principle of cybersecurity that the more devices and networks you connect to a platform, the more vulnerabilities and attack vectors you introduce into even the most secure of systems. While DSRC creates an additional attack vector, the problem is exponentially exacerbated by commercialization of the service. Connection to the public internet to facilitate services such as mobile payments, advertising, and infotainment content delivery, create a plethora of attack vectors and additional vulnerabilities, any of which could be exploited to breach the car, and then utilize the DSRC unit to spread to every DSRC-equipped car it comes in contact with.

Cars today have up to 100 ECUs and more than 100 million lines of code — a massive attack surface. Further complicating matters, auto manufacturers source ECUs from many different suppliers, meaning that no one player is in control of, or even familiar with, all of a vehicle’s source code.

The threat of automotive cyberattacks will only loom larger as society transitions to autonomous vehicles. But even before autonomous vehicles become widespread, car hacking is already a very real danger: In 2014, more than half of the vehicles sold in the United States were connected, meaning that they are vulnerable to cyberattacks.

Drivers shouldn’t have to choose between being connected and being protected.” — Senator Edward J. Markey

More on SCMag and Techcrunch

This article was first published on CyberSec.Buzz

Tags: ,

Jonathon Gordon

About the Author

About the Author: Jonathon has been lurking around the Telecoms and Internet space for the last 20 years. He is now a man on a mission – that being the reformation of the Industry Analyst business. He is working with his co-conspirators on transforming the Industry Analyst world forever as an Expert with EMI. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top