Last updated: 16 May 2016
In October, I wrote a horror story-themed blog titled “IoT Nightmares: Rerouted” in which a faceless “Mr. Thompson” flees from members of a criminal enterprise only to have his car hacked and rerouted to the place of his eventual capture.
“Rerouted” was based on research from 2013 into the vulnerability of connected cars. Security researchers Charlie Miller and Chris Valasek discovered that automobiles' data and systems could be accessed by hackers within a 130-foot range. Their research caught a ton of headlines, and was supposed to serve as a wake-up call for the auto industry. Today, the very same security researchers announced that 471,000 connected vehicles could be hacked from nearly anywhere in the world – as long as the attacker knew the IP address of the target vehicle.
Miller and Valasek’s latest attack exploits the cellular connection of a car and works its way to the hardware for the entertainment system. At that point the attackers are able to rewrite the firmware of the system and begin sending commands through the car’s internal computer network – all while remaining completely undetected. With the ability to send commands to the various components of the car, an attacker can do things as innocuous as changing the radio station and modifying the temperature, or as dangerous as bringing the car to a halt on the highway.
Miller and Valasek are slated to unveil some of the details of the attack during the Black Hat security conference in Las Vegas next month, but today’s announcement surely sent chills down the spine of the players in the automotive industry. With the Senate set to introduce new legislation to establish security standards for privacy and protection in the automotive industry, it is increasingly apparent that security must become a higher priority for auto manufacturers and their partners.
Vulnerabilities like the one Miller and Valasek discovered are alarming, but make no mistake; the connected car movement is here to stay. Consider the progress being made toward autonomous vehicles. Recent estimates predict that 75% of vehicles on the road will be autonomous by 2040, and by removing the driver from the equation some studies project that self-driving cars will reduce automobile accidents by up to 90%. If those projections are true, the future of autonomous and connected cars will represent one of the most important technological advancements in health and safety ever made.
For more information read our recently published white paper, “Building the Trusted Connected Car,” in which we discuss some of the ways manufacturers, application providers, and communication service providers in the automotive world can mitigate threats to connected cars using things like code signing and strong identities.