This article discussed about how vulnerabilities of automotive system enable car hacking. As the car becomes increasingly computerized, many accidents due to system and software flaws are exposed to the public. Therefore, the security of car’s system and internal network should one of the top concern of car manufacturers. However, I think just few auto manufacturers have placed enough emphasis on developing secure vehicle information system. Back to 2014, it was approved that Jeep could be remotely took over, and therefore, Fiat had to recall all the affected cars to fix the problem. Even though the car manufacturer is keeping improving their systems, researchers still find vulnerabilities that enable hackers to access the car’s internal network through the entertainment system. Hackers are able to seize the control of the car by turning the steering wheel, hitting the brake or slamming on the accelerator. Researchers are currently focusing on the potential attacks related to sensors and radar that enable self-parking and self-driving.
I think this article is interesting because when people talk about information security and hacking, I would first think about privacy. However, it is much more than privacy, it also relates to people’s safety and health especially for vehicles and medical devices. The most common interconnected system connecting different systems in most of cars is called CAN bus. One of the greatest vulnerabilities is the lack of encryption on the CAN bus. A weakness of any one of the system could enable attackers access the the rest of the systems and even take control of the car. This would become the one of the greatest challenges to car manufactures, as most of them are focusing on developing self-parking and self-driving car.
https://www.theguardian.com/technology/2016/aug/28/car-hacking-future-self-driving-security
Nice article Mengqi! I attended the IANS conference last year in Philadelphia shortly after the Jeep hack was made public. There was an expert in automobile security speaking and he explained that the Jeep hack gained the automobile industry’s attention. He explained that he had been engaged by many automobile manufactures recently to sit in on design sessions to raise security considerations. He also said that the automobile manufactures were willing to show the initiative to consider security and safety in the discussion, however he was not convinced that automobile makers were willing to make some of the trade-offs (i.e. reduced functionality and usability vs. increased security).
I think we’ve just begin to scratch the surface of the potential attack vectors for connected cars and self-driving cars. As these innovations become more complex and autonomous, the need for security will be even greater. It’s going to be extremely important to build strong security into the design of these vehicles to keep drivers safe in the future.
I saw the Jeep presentation at BlackHat. It was pretty impressive. The one thing the presenter did stress is that the manufacturers are starting to listen and lock down some of the vulnerabilities identified. In particular, the remote access vulnerabilities. On the down side, each manufacturer is running proprietary systems making it difficult to research all of the makes and models.
Mengqi,
This is an interesting subject, that will get more attention in the years to come. With Google and Uber experimenting with self-driving cars, the opportunity for hackers to gain access to these self-driving automobiles and cause trouble on the road is increasing. I recall reading an article regarding the Jeep-Fiat hack last year, although all of this technology in cars is great, and designed to make driving safer, it has the potential to be hacked and cause more harm than good because it takes control out of the drivers hands.
Mengqi, great article. I bought a car a few years back with OnStar, I didn’t want Onstar, but it came with the vehicle for 12 months. The salesman asked me why I didn’t want it. I told them, while it’s great that I can call and have my doors unlocked with the service, or find my missing vehicle, the pessimist in me knows it will be days until criminals use these tool for no good!
It’s just a fact of life of doing business in our world. Companies will continue to make technological advancements that “make our life easier”. And there will always be that one person who will look to turn that advancement into something they can profit from.
Maybe I have been watching too many crime shows. I guess the question comes down to freedom or convenience? I personally would not want the service either. I would agree on the surface its convenient when you are in trouble situation. While the system is on the amount of information that the system is using and tracking on your whereabouts can be used as an invasion of privacy
Pretty interesting article. It amazing that we are talking about self driving cars and that sensors can be jammed causing the car to malfunction. Personally I want to be in control of any vehicle that I am driving and not relying on a computer in a car to take me to my location.
This is definitely an interesting article. Our technology has scaled such that risk management was left behind. Innovation is great but also leaves the users exposed in some form or fashion. I applaud you on finding this article! The ‘internet-of-things’ isn’t just automobiles either. Some technologies, for example artificial hearts relay information to doctors via WiFi. If the artificial heart has an IP address, it can be hacked. While connecting things to the internet (homes, medical devices, cars, weaponry, positioning systems, aircraft or UAVs…) opens the public up to the risk of being hacked and be dangerous. Its important that we keep our pace of innovation in mind because we don’t want to fall victim to our own progress.
This article definitely brings the risks of autonomous vehicles into the spotlight. It’s easy to focus on the marvels of self-driving vehicles, but the risks are proving formidable. I read a similar article about successful hacks against the Tesla Autopilot technology. The hackers were able to leverage spoofing techniques and jamming in order to ‘trick’ the sensors into not seeing impending obstacles. Similar attacks have also been successful on Audi, Volkswagen, and Ford vehicles. These attacks could lead to high speed, potentially lethal accidents. Despite the obvious benefits of advancing automotive technology, the inevitable computerization of these vehicles puts drivers at the mercy of hackers. Enhancing security and safety of these vehicles is going to be a top priority for automobile manufacturers and, if the problems persist, a focal point in the legal landscape going forward.
If anyone is interested in perusing the article I mentioned, the URL is:
http://www.forbes.com/sites/thomasbrewster/2016/08/04/tesla-autopilot-hack-crash/#1efbc15fdc93