Have you ever watched a thrilling movie scene, where fear grips a driver who realizes he’s no longer in control of his car, but rather in the clutches of some far-off villain who has taken over? Ever wonder if it could actually happen? It turns out that with today’s connected cars, it’s not just a far-fetched plot dreamed up by an imaginative screenwriter, but a real possibility.
In mid-April, the U.S. assistant attorney general for national security warned that connected cars can be attacked, making them a potential target for hackers and terrorists. That warning came after a recent joint statement made by the FBI, the Department of Transportation, and the National Highway Traffic Safety Administration that warned “motor vehicles [are] increasingly vulnerable to remote exploits.”
Automotive companies and car systems providers have been taking notice, particularly after white-hat hackers demonstrated they can get into the connected cars on the road today and do almost anything, from turning on the radio and windshield wipers to killing the engine as the car flies down the freeway.
Many of today’s cars are made up of more than 100 small computers called controllers, which are responsible for running many of the car’s operations. They control the windshield wipers, move the driver’s seat, activate the airbags, run the engine, apply the brakes, etc. All of the controllers are connected to a network within the car, called a CAN (controller area network) bus.
A few controllers are available to the external world, enabling the car to connect to the Internet and external networks, such as GPS systems, cellular, Bluetooth and Wi-Fi networks. This connectivity, which is common in many of today’s automobiles, has given rise to the term “connected cars.” And it appears the connected car is here to stay: Gartner estimates there will be 250 million connected vehicles on the road by 2020.
Because the car is now connected to the Internet, Wi-Fi, etc., hackers can take advantage of those external connections to penetrate the car’s network and target its safety systems, just as they’ve done in enterprise and government data centers. In the enterprise, we continuously see attackers hack into externally connected devices, drop malware onto those devices, and then use that malware to move around the network to access and manipulate the data center’s critical resources. Using that same approach, hackers can penetrate connected cars—via the externally connected controllers—to gain access and control over all of the controllers in that car’s network. This means they can manipulate the car’s safety systems and drive or stop the car, leaving the driver helpless.
What concerns the FBI and the assistant to the attorney general the most is the potential grand scale of hacks on automobiles. For example, hackers could theoretically penetrate a single car make/model and then stop the engine of all of the cars of that make/model during rush hour. This type of coordinated hack could be used by criminal organizations or terrorists to create havoc or hold states ransom.
The good news is there are relatively effective solutions that can be used to protect automobiles. Unlike enterprise networks and data centers, which have many different devices connected to the Internet, cars are generally closed systems, with only a limited number of externally connected controllers. By protecting those externally connected controllers, car manufacturers can significantly minimize the risk of attackers being able to penetrate the car and disrupt its safe operations.
The industry is starting to take action, with car manufacturers and system providers strengthening their software security practices and hiring security teams. In addition, legislators proposed the Spy Car Act 2015, which is designed to ensure vehicle manufacturers in the U.S. take “reasonable measures to protect against hacking attacks” on all of a car’s “entry points,” i.e. the externally connected controllers.
The best way to protect those externally connected controllers is to ensure that nothing except factory settings is allowed to run on them. There are now open-source and commercial technologies that can be used by car manufacturers and system providers to allow only the code and applications that were approved in the factory to run on the controller. It is fairly easy to add this security software to the controller as a software update. By hardening the externally connected controller, the car cannot be infiltrated. There is no ambiguity; no false alarms; no threats.
Using this approach, connected cars on the road today can also be easily retrofitted. When cars are brought into the dealership for their annual service checks, the dealer occasionally upgrades some of the controllers’ software according to the system provider’s guidance. Vendors can take advantage of this annual cycle to add the hardening capabilities as part of a regular upgrade to the software of the car’s controllers, effectively protecting the cars from hackers.
David Barzilai is the executive chairman of Karamba Security.