Automotive cybersecurity on the wrong road: Report
Flooring the accelerator pedal of a secure vehicle may still be a thing of the future. According to a recent study by Ponemon, nearly 30 percent of companies in the automotive segment do not have a proper cybersecurity team to handle its technology and security infrastructure, let alone secure smart cars. The state is so dire that many do not even engage a third party vendor to secure the software in the connected cars.
“As more connected vehicles hit the roads, software vulnerabilities are becoming accessible to malicious hackers using cellular networks, Wi-Fi, and physical connections to exploit them,” data protection research group the Ponemon Institute said in the report. “Failure to address these risks might be a costly mistake, including the impact they may have on consumer confidence, personal privacy, and brand reputation.”
The study also pointed out that nearly 63 percent of all vehicle manufacturers do not even test half of their software, hardware and other technology deployed in their vehicles. The study sampled 15,900 IT security practitioners and engineers in the automotive industry.
“Unauthorized remote access to the vehicle network and the potential for attackers to pivot to safety-critical systems puts at risk not just drivers’ personal information but their physical safety as well,” the study found.
As further detailed in the study, “Seventy-three percent of respondents surveyed in our report say they are very concerned about the cybersecurity posture of automotive technologies supplied by third parties. However, only 44 percent of respondents say their organizations impose cybersecurity requirements for products provided by upstream suppliers.”
Vehicle hacking isn’t just a theory. In 2016, Nissan had to shut its proprietary app NissanConnected EV for its Leaf line-up after it was found that hackers could access the cars’ climate control and other battery operated features to drain the batteries. Also, in 2015, automaker Fiat Chrysler had to issue a recall for almost 1.4 million vehicles after researchers Charlie Miller and Chris Valasek of Wired demonstrated a wireless hack on Jeep Grand Cherokee, taking over the controls of the dashboard, steering wheel, powertrain, and even the brakes.
Recently, WikiLeaks released documents blowing a whistle on the CIA suggesting journalist Michael Hastings’s fatal car crash triggered by a car hack. In 2013, Hastings died after the car he was driving abruptly sped up and crashed into a tree. Media has, however, considered this to be a conspiracy theory, but has given into the potential havoc a hacked car can wreak.