In-car connectivity is driving up the number of in-car vulnerabilities.
By Open Source Community
In an interview with UK auto news publication Auto Express, Sachin Lawande, president of electronics and infotainment company Harman, acknowledged that the growing connectivity of new cars on the market is making it easier for hackers to hijack them remotely.
Harman reportedly develops in-car connectivity systems for “many manufacturers.” Lawande said electronic control units (ECU) have lately begun growing from the cars’ infotainment systems (touchscreen dashboards, navigation systems, or Bluetooth smartphone integration, for example) to the engine, transmission, and brakes. Lately, modern cars have come with ECUs controlling such systems as the engine control unit, electronic power steering, the battery management system, car doors, the transmission control unit, and the speed control unit, among many others.
For example, Harman told Auto Express the BMW 7 Series can contain about 140 ECUs throughout the car. When describing how the ECUs operate in modern cars, Lawande used some troubling language.
“It is already a serious problem,” Lawande told Auto Express. “The infrastructure of many cars was not designed with networking in mind.”
He expanded, saying “a cyber attacker can take control of critical vehicle functions, and unless we can make them secure the increasing levels of connectivity are going to make it worse.” The key phrase there is “unless we can make them secure,” because it implies that nobody did that in the first place.
The Auto Express article sheds a little light on why Harman used such inflammatory language in the interview. The company is reportedly planning to release a “software barrier” as part of its infotainment platform that will stop hackers “from being able to attack the vital ECUs,” like those that control its speed and brakes, Auto Express reported. Those aren’t expected “to be seen” until 2016 at the earliest, however.
But, promotional or not, the people at Harman are echoing a point that has been made by others. In July, researchers Chris Valasek, director of security intelligence for IOActive, and Charlie Miller, a security engineer for Twitter, exposed securirty vulnerabilities in the on-board computer that has been mandatory in all U.S. vehicles since 1996. What they did with this vulnerability was quite troubling as well.
“We had full control of braking,” Valasek told Agence France-Press. “We disengaged the brakes so if you were going slow and tried to press the brakes they wouldn’t work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile.”
Security may be the most important of many obstacles that are standing in the way of mass adoption of driverless cars, which some experts don’t believe will reach mainstream markets until 2040.