Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Firewalls can't protect today's connected cars

Lucas Mearian | July 27, 2015
Much of the auto industry's efforts to date have been about building a more secure internal bus

cars driving on roadway rear view aa052878

The Chinese military strategist Sun Tzu once wrote, "What is of supreme importance in war is to attack the enemy's strategy."

The automobile industry needs to follow Sun Tzu's advice to secure increasingly connected vehicles from hackers, according to experts.

Instead of building firewalls to keep cyber attacks out, which industry watchers say is ultimately a futile endeavor, build systems that recognize what a security breach looks like in order to stop it before any real damage is done.

"If you hack into my car's head unit and change the radio station, I don't care. I can live with that," said Charlie Miller, one of security experts who this week demonstrated they could hack into -- and remotely control -- a Chrysler Jeep.

"If you can hack into my head unit and make my brakes not work, then that's a different story. Let's stop the attack after they're already in," Miller said.

It's called operational security, and the auto industry -- even the banking industry -- has been slow to adopt it, according to Egil Juliussen, a senior analyst and research director for IHS Automotive. "They assume hackers can't get through their perimeter security, which is not true," Juliussen said. "That's a basic principle for security."

The auto industry got a wake-up call this week when Miller and Chris Valasek showed how they could hack through the perimeter security and into an early model Chrysler Jeep's UConnect head unit, also known as an infotainment system. Previously, hackers could breach a vehicle's internal computer bus only by physically connecting to a car's onboard diagnostics (OBD-II) port.

Miller and Valasek demonstrated that by using the vehicle's cellular network connection, they could wirelessly talk to the Jeep's head unit, and then access the Jeep's control area network (CAN).

All modern vehicles have a CAN, which acts as a computer superhighway to the vehicle's various electronically controlled components. Once on the CAN, Miller and Valasek discovered which electronic messages controlled various systems, and they were able to send messages to remotely control the brakes, transmission, acceleration and other vital components.

As cars become more connected to other vehicles, surrounding infrastructure and to manufacturers and their parts suppliers, the ability to breach a vehicle's security will only become easier.

With self-driving, connected cars comes greater risk
And, as autonomous functionality -- even fully self-driving cars -- emerge, it will mean that protecting computer systems from attack will become more crucial.

At the same time, car makers already remotely collect data from their vehicles, unbeknownst to most car owners, in order to alert the drivers to needed repairs or maintenance and for future research and development.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.