Automotive cybersecurity is a big issue for the National Automobile Dealers Assn. Here’s one reason why:
When the “Car Hacker’s Handbook” was posted online in 2014, there were 300,000 downloads in four days. Not all the downloaders were hackers-in-training. But the sheer number indicates why potential automotive cyberattacks go beyond isolated-crime status.
“This is top of mind for NADA,” says Brad Miller, the trade group’s director-legal and regulatory affairs. “It’s a tremendously important issue, and becoming more important every day.”
The significance of vehicle cybersecurity may not be readily apparent to dealers now, “but with connected and autonomous vehicles fast approaching, it is going to be central to the automotive business and dealer business in general,” he tells WardsAuto.
Points of attack in today’s connected vehicles include Bluetooth, GPS, WiFi and onboard OBD-II diagnostic telematics.
Telematics information flows between cars and dealerships. “If a vehicle is not secure, the information on that vehicle will not continue to be private,” Miller says.
In 2015, there was the first demonstrated hacking of an infotainment system.
It could get worse in the coming age of autonomous cars.
Among other benefits, impending self-driving cars stand to reduce traffic fatalities, which numbered about 35,000 last year in the U.S., 94% attributed to human error.
“Computers don’t drink and drive and don’t get distracted by texting,” says cybersecurity expert Simon Hartley, a co-founder of consulting firm 202Partners.
But they potentially are vulnerable to hackers. Those wrongdoers come in many forms, from pranksters to car thieves to criminals who steal information for financial gain.
When self-driving cars take to the road in earnest, the worst-case fear is that a mad-scientist-type hacker takes control of a vehicle and sends it off a cliff.
“In the near future with autonomous vehicles, cybersecurity literally will be a life-and-death matter,” Miller says.
Some people refer to cars as smartphones on wheels. Hartley sees it differently. “I’d say a car is a data center on wheels, with 100 million lines of code,” he says at the Society of Automotive Engineers’ WCX conference in Detroit. “The car is almost the poster child of the Internet of things.”
Ten percent of vehicles on the road today already are connected, he says. That’s just a start. Last year, the FBI and NHTSA warned of vehicles becoming increasingly vulnerable to remote exploitation.
“If I am an attacker, I need to find just one link,” Hartley says. “If I am a defender, I must cover the entire supply chain. New guidelines focus on secure software development for new vehicles.”
The industry has gone from "shocked" a few years ago by the first automotive hacks "to where we are now," he says.
Government is on the case through a series of programs and legislative acts. Hartley proposes various actions to thwart hackers including the systematic running of penetration tests to gauge defensive strength. He opposes seeking aid from hackers who allegedly have gone straight.
The auto industry is an active player in addressing the issue, notes Miller.
“We are engaged in a number of conversations with folks across the industry,” he says. “It is critical for the simple fact that it pertains to consumer trust in a brand and confidence in autonomous vehicles.”
