Cyber attacks on motor vehicles

Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) are currently working on forming a legislation that would direct the National Highway Transportation and Safety Administration (NHTSA) and the Federal Trade Commission to establish federal standards for keeping in check cyber security and privacy of motor vehicles.

The cars which have been recently manufactured are coming with latest technology that includes monitoring and controlling almost everything. The features allow the car drivers to check the tire pressure while sitting on their seat, listen to music from around the world, connect with the world wide web using the Wi-Fi hotspots fitted in the dashboard and much more. Along with such advancement comes the risk of cyber attacks that are almost a daily occurrence.

Ten members of the House of Energy and Commerce Committee raised this concern wanting to know how the government and auto-makers are preparing to address these risks. The lawmakers want the agency and the car manufacturers to provide details on what is being done to cater to cyber vulnerabilities right from the stage when the vehicles are being designed to when they are on the road.

Upon a similar question by the Washington Post, the NHTSA has not yet given a response; however the issue is still being considered and is on their radar. Resultantly, the agency is researching on the cyber security issues related to cars and released a summary of the best practices as well as a report on potential security threats to vehicles last September.[1]

A fact sheet on the issue of The Alliance of Automobile Manufacturers, the industry’s main trade association in Washington read “Auto engineers are incorporating security solutions into vehicles from the first stages of design and production, and their security testing never stops.”[2] While the International Society of Automotive Engineers has a committee that studies the challenges of securing vehicles’ electronic control systems, the U.S. Council for Automotive Research relies on its “Cyber-Physical Systems Task Force.”

Despite the safeguards, experts are of the view that the auto industry still needs to buck up, as they are vulnerable. In 2013, a Ford Escape and a Toyota Prius were hacked by researchers Chris Valasek and Charlie Miller, who took over the brakes and steering of both the cars by using a laptop that was connected to the vehicles with a cable. And last year, they released a survey report according to which WiFi connections and Bluetooth in many cars were potential wireless attack surfaces,” to be targeted by a malicious attacker.[3] This risk is heightened as nearly all cars in the market include wireless technologies thus posing a threat.



[1] See “Potential Threats” and Best Practices” at http://www.regulations.gov/#!documentDetail;D=NHTSA-2014-0071-0007

[2] See “Auto Cyber-Security: Continual Testing, Checks and Balances” at http://www.autoalliance.org/auto-innovation/cyber-security

[3] See “A Survey of Remote Automative Attack Surfaces” at http://www.scribd.com/doc/236073361/Survey-of-Remote-Attack-Surfaces

 



Leave a Reply