In a report issued last month by the Consumer Watchdog based in the US, technology experts have pointed out the need to address the cyber risk posed by connected cars, particularly when GM, Toyota and Ford – the three top-selling car makers in the country – are expected to only sell internet-connected cars by the end of the year.
All three car makers represent nearly half of the US auto market.
The report urgently recommended that each new connected vehicle at the earliest possible date will be fitted with a kill switch that physically disconnects the Internet from safety-critical systems.
“The troubling issue for industry technologists is that these vehicles’ safety-critical systems are being linked to the Internet without adequate security and with no way to disconnect them in the event of a fleet-wide hack,” the report said.
Most connected vehicles share the same vulnerability.
The head unit (sometimes called the infotainment system) is connected to the internet through a cellular connection and also to the vehicle’s CAN (Controller Area Network) buses. This technology dating to the 1980s links the vehicle’s most critical systems, such as the engine and the brakes.
Experts agree that connecting safety-critical components to the internet through a complex information and entertainment device is a security flaw. This design allows hackers to control a vehicle’s operations and take it over from across the Internet.
The report predicted that by 2022, no less than two-thirds of new cars on American roads will have online connections to the cars’ safety-critical system, putting them at risk of deadly hacks.
“Using smartphone technology in cars – technology that was never designed to protect safety-critical systems – is a recipe for disaster,” the report said. “A plausible scenario involving a fleet-wide hack during rush hour in major U.S. metropolitan areas could result in approximately 3,000 fatalities, the same death toll as the 9/11- attack.”
To protect the public, the report pointed out that car makers should install 50-cent “kill switches” in every vehicle, allowing consumers to physically disconnect their cars from the Internet and other wide-area networks. Otherwise, if a 9/11-like cyberattack on our cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. Mandatory “kill switches” would solve that problem.
It further recommends that future car designs will completely isolate safety-critical systems from infotainment systems connected to the Internet or other networks because connecting safety critical systems to the Internet is inherently dangerous design.
“If car makers do not commit by December 31, 2019, legislators and regulators should mandate these protections,” the report said.
Veil of secrecy around automotive software
It is well-known in the industry that even the car makers themselves
often do not know the origins of the software they use, nor their true risks.
Vehicles from many major car makers—including Tesla, Audi, Hyundai, and Mercedes— rely heavily on software written by third parties.
This includes open source software, like Android, Linux, and FreeRTOS. This software often comprises contributions from hundreds or thousands of different authors around the world, and there is usually little accountability for flaws.
For example, FreeRTOS, used in critical systems by Tesla, had major vulnerabilities discovered in October 2018, but Tesla never acknowledged using the software, the vulnerability, or whether it patched the problem.
“The veil of secrecy surrounding automotive software and the ability to update it ‘over the air’ without touching the vehicle lets automakers cover up safety problems and sloppy testing practices. Consumers are driving cars whose systems run on unfinished and undertested software,” the report said.
It added that regulators should require automakers to publicly disclose the authorship, safety certifications, and testing methodology used for all safety and security critical software, allowing for analysis by independent regulatory and testing agencies.
“The industry should agree to a general standard protocol that cars not be connected to wide-area networks until they can be proven immune to hackers,” the report said.
Finding a solution
Meanwhile, Keysight Technologies hopes to help car makers to fix the dilemma posed by unsecured software through its recently-announced Automotive Cybersecurity Program, which validates the resiliency of connected components of a vehicle, individually or as an entirely functioning automobile prior and post deployment.
“Cars today support multiple communication methods, like Bluetooth and USB while a growing number of cars use mobile communication for a variety of services available in the car,” said Tom Goetzl, Automotive & Energy Solutions business general manager for Keysight.
He added: “Our program can test for vulnerabilities on all available communication ports and provides direction to our customers on how to close such vulnerabilities.”
In addition, security solutions developed by Ixia Solutions Group (ISG), enables Keysight to deliver extensive security validations of the 4G/5G radio access network (RAN) infrastructure that connects vehicles, and the backend data centres that manage business operations.
ISG’s visibility solutions deliver an enhanced infrastructure that improves the efficiency of security tool sets in production networks. Keysight provides test and measurement of cybersecurity effectiveness from the ECU level up to the cloud data centre.
“Early assessment, prior to production, is essential to enabling our automotive customers to deliver safe and supportable vehicles,” said Mark Pierpoint, president of Ixia Solutions Group, a Keysight business.
“Potential issues identified post production, with the risk of recalls, cost orders of magnitude more to repair than when found during pre-deployment testing, notwithstanding the possible loss of human life. Continued detection and mitigation of cybersecurity threats once vehicles are on the road are equally critical to keep consumers safe. Cybersecurity testing is an essential defense to ensure the design and implementation of a bullet-proof security posture in connected vehicles,” Pierpoint said.