January 29th, 1886 is deemed as the birthdate of the car — this is the day that Carl Benz applied for a patent for his “vehicle powered by a gas engine.” In 1903, Henry Ford created the Model A. Ever since these paramount moments in history, we as humans have had an obsession with cars. We love driving them, customizing them, and we really love modernizing them. For the longest time, the most modern technology available in cars was a heads-up display and some heated seats — these are great additions to a car that definitely add a bit of comfortability and ease-of-use when driving around, but they’re not exactly features that bring vehicles into the future.
While many people prefer the look and feel of a classic car, companies like Tesla are figuring out how to modernize things in such a way that technology is an integral part of the vehicle itself. In 2021, the most modern of cars on the market can drive and park themselves, and even the models that are not at the highest end of the tech spectrum have more and more advancements. While this is exciting, there are risks with any sort of technology — particularly Internet of Things (IoT) devices which are more risky as they are physical objects embedded with sensors, software, and other features for the purpose of connecting with other IoT devices via the Internet.
IoT items are considered to be riskier when it comes to cybersecurity than those pieces of technology, like computers and VOIP phones, that have a direct cable connection to the Internet. Though many people typically think of smartphones or virtual assistants when thinking of the risks associated with the world of IoT, these cybersecurity risks related to cars are nothing new — in 2015, hackers were able to infiltrate the navigation system in a Jeep.
Long story short, hackers were able to take control of an active Jeep whose driver was going 70 mph near downtown St. Louis. The driver describes the experience as a total loss of control — out of nowhere, the A/C started shooting out cold air on high speed despite the driver not having touched any toggles to make this happen. Similarly, without touching the knob, the radio station was changed and volume cranked. For a little while, this was all that happened and then, as he was driving at 70 mph still, they cut the hackers cut the transmission.
Thankfully, this was an experiment the driver knew about as he worked with the hackers, Charlie Miller and Chris Valasek. However, it exposes the vulnerabilities and real world, physical threats that are present when it comes to cars with more and more advanced technology components. Had this been an unsuspecting driver, they likely could have had a heart attack just at the toggling of the temperature and music, let alone caused an accident when the vehicle was shut off completely. It is also crucial to keep in mind that this happened six years ago — which is a significant amount of time in the tech world. Now, in 2021, the idea of there being a high number of autonomous cars is not too far in the future as there are more and more joining drivers on the road today. Events such as a the Jeep hack mentioned above have made it clear to the cybersecurity professionals of the world that strong cyber prevention and protection is a key element of these cars becoming widely adopted and accepted by the public.
A vulnerability found in the Tesla Model X was identified in November of last year and shows an issue with a very popular feature of cars today — Bluetooth connectivity. Following an “over-the-air” update, Tesla’s Model X was left with the major cybersecurity risk of a hacker having the ability to change the key fob via Bluetooth connection, allowing them to steal the code needed to unlock the car from the fob and use it to steal a Model X in 90 seconds. Since this issue was identified, another over-the-air update was sent out to stop hackers from doing this, but it is still a major risk that anything like that happened to such an advanced company. Tesla’s Model X starts at more than $84K and the thought that one of these car-owners could have lost something costing them that much within two minutes has to make drivers feel a bit unsettled.
A Possible Solution? Supply Chain Involvement
Nathaniel Meron of Help Net Security highlights a potential solution to the threats of vehicle cybersecurity issues. He says that cybersecurity professionals need to be involved at the supply chain level of the development of these technologically advanced cars. This makes sense as this is the only way for them to understand every little piece of technology in these cars is to know what is in there. This will allow for vulnerabilities to be identified and patched regardless of which part of the car they come from. In cybersecurity, the preferred approach is prevention — supply chain involvement should hopefully give cybersecurity professionals the oversight needed to know how to protect cars as they evolve; however, in cybersecurity, reactive approaches are still needed very often as well, so learning how to quickly resolve cybersecurity issues in modern vehicles will be key as well.