There was an old joke that if cars were designed by software engineers they’d crash for no apparent reason twice a day and you’d have to press the ‘Start’ button to turn off the engine (like the mysterious ‘Start’ button you used to have to press to shut down Windows). Well, today the reality is that software engineers are contributing very significantly to the design of new cars. And yes, many new cars already have a ‘Start’ button as well.
Cars today have up to a hundred computers on board (microprocessor-run electronic control units (ECUs)). Automobile manufacturers are increasingly eliminating mechanical links between the driver and the wheels or the engine. Modern vehicles accelerate by wire, change gears by wire, even sometimes brake by wire, and utilize electronic stability control systems that are effectively computers that kick in in certain dangerous situations and ***per with how people are driving. In theory even critical functions one day may go wireless, to save weight or decrease production costs for example. Most new cars already have some sort of Internet connection. Here are five reasons why all this translates into serious risks, and why everyone should take this trend very seriously:
Vehicles can be hacked. The software operating a modern car may have a hundred million lines of code in its software – more than a modern fighter jet, airliner, or operating system such as Windows or Mac OS. With so much code, the likelihood that it has bugs and vulnerabilities is very high – even if the software engineers made security a priority when developing it, which is not always the case. There’s already been much research exposing different vulnerabilities in car software, including a recent report that revealed that the Snapshot driver tracking tool – used in about two million cars in the U.S. – can be hacked. BMW recently patched its ConnectedDrive system as researchers showed it was possible get wireless access to the car’s air conditioning and door locks. And I’m pretty sure we’re going to see many more examples of such vulnerabilities.
Critical functions can be attacked. It’s not just trivial matters like the air conditioning or music system that we should be concerned about. It’s now technically feasible to hack the steering, braking, etc., since the security of software in cars remains haphazard and sketchy.
There’s hardly a safe option. A recent report published by a US senator suggests that virtually all new connected cars have IT security issues, including some that are very dangerous.
Connected cars are going to be everywhere very soon. Everyone will be affected by this trend.Ok, strictly speaking, that isn’t true. There will be hermits who could ignore it. And there are still plenty of folks driving muscle cars or ancient pickups. But even if you don’t own a connected car, if you drive (or even just walk) in a populated area, odds are you’ll be surrounded by connected vehicles. According to the Gartner research firm, by 2020 there’ll be 250 million cars on the world’s roads, so even vintage car owners won’t be able to avoid them. It looks like we’re all affected on this one.
Not much has been done about vehicles’ IT security so far. The good news is that many security issues relating to critically important functions can be fixed relatively easily. The bad news is that this is either being done slowly – or not at all. Automobile manufacturers are new to software and they lack experience in dealing with malware and hacking. They’re learning, but some say the progress is too slow, and that is unacceptable and irresponsible in times of an IT revolution. The software industry learned to provide frequent updates to fix vulnerabilities the hard way – through large-scale malware outbreaks that cost billions of dollars. The automotive industry is only starting moving in this direction, but one day it’s likely we’ll have to update and patch our cars as frequently as we update our browsers.