Should you be concerned about your car in the wake of the recent Jeep Cherokee uConnect car hacking revelations? Yes, because Car hacking is a question of when, not if.
RESEARCHERS IN THE USA have
successfully taken control of a Jeep Cherokee, using a vulnerability in the car’s uConnect information unit to change the fan speed, stereo volume and even change the car’s infotainment screen image, as shown in the screengrab used for this article’s title shot. That’s bad enough, but they also took over critical controls such as the transmission and throttle. Clearly, if they had malicious intent then the driver could have been killed. We have a list of affected vehicles
here.
But let’s not panic, at least not over here, and not yet. Australian cars aren’t vulnerable to this particular remote hack because the uConnect system in Aussie Jeep Cherokees does not connect to the Internet, and therefore cannot be remotely hacked and controlled. Not only that, Jeep tell us that the uConnect systems in Australia (across the FCA empire) are completely different to the one fitted to American vehicles, even without the Internet access function.
It is also worth noting that while the example vehicle is a Jeep, any car that is connected to the Internet is vulnerable. It just so happened that a Jeep was first to be cracked and used as an example. It won’t be the last.
So where are we at today with car security?
Remember those green-screen Nokias? Simple and dumb. You probably had most of your contact’s names and numbers on there, and you’d tediously type in each entry. If you lost the phone no big deal, someone else would have those contacts and who you’d called when, but there wasn’t much they could do with it. And how would they get access to it anyway? Those old phones had no Internet connection, about the best you could do was connect them with a cable to a computer. Summary – too hard, too little value. If there is a definition of “secure” it’s when the effort required is greater than the potential reward, and that was the case back in the day.
Now in 2015 we have ultra-sophisticated smartphones. We have our lives on there, our complete identities, secrets and detailed history. Not only that, the things are connected 24×7 to the Internet. And the phones have all manner of sensors – location via various means including GPS, two cameras, thermometers, microphones and more, all of which could – and do – easily come under the control of an attacker. Simply, if your smartphone is stolen or compromised that is now a very serious matter as your life could well be turned upside down with identity theft or worse. Secure? Effort is small, reward high.
Here’s the problem we will very shortly face. Cars are going the same way as phones, carmakers aren’t taking the threat seriously enough, and there’s no sign they’re going to do so.
What’s the risk of car hacking now?
Right now, as of July 2015 in Australia, the threat is minimal. In smartphone terms, cars are around 2005, at the stage where colour screens are cool, and there’s just the beginnings of apps. The iPhone, in car terms, hasn’t been released but is coming. Very few cars are connected to the Internet, and if a car is not online it can’t be remotely hacked, at least not like the researchers did with the Jeep. It is however possible that a wifi-hotspot, Bluetooth or some other shorter-range data transmission system could be subverted. And with physical access to the vehicle it is possible to install cheap gagdets that provide that Internet link, just a 4G SIM card and some inexpensive hardware.
It is true there have been exploits on some of the very newest cars, but it is a measure of the rarity that they make worldwide headlines. If your smartphone is hacked today there will be no headlines.
What’s the risk in the future?
Huge. Three reasons:
First, cars are becoming more automated, and automation always has the potential to be maliciously controlled. Cars can now detect objects ahead via
AEB and self-brake. Electric steering is computer controlled. Automatic transmissions have been computer controlled for a long time. Older, analogue cars were never this vulnerable. There are very good reasons for this increasing automation – safety, cost, convenience – but computer controlled automation does introduce the risk of abuse.
Second, cars are, and will increasing be connected to the Internet for all sorts of reasons you can guess – realtime fault diagnosis, navigation, personalisation. That is when, not if. In fact, it’s now, and the level of integration will rapidly increase.
Finally, the simple fact is that if
anything is connected to the Internet then it is vulnerable to hacking; remote takeover, data theft, sabotage or what have you. Nothing is 100% secure, ever. We’ve seen everything get hacked from Sony to LinkedIn to most recently Ashley Madison. Smaller-scale attacks are so commonplace they are unremarkable – every day there are thousands of smartphones and computers successfully attacked. There are scum who make a sport of taking over laptops, recording videos of unsuspecting users on webcams, and then blackmailing the user – Google
RATing if you don’t believe. And of late, Australia has been
hit hard by ransomware which encrypts files and demands money for them to be unlocked.
Cybercrime is now literally a big, big business, not just bored kiddies out for kicks. It’s a business that is getting bigger every day, and cars will make a very, very attractive target.
What could happen if a car is hacked?
We don’t really know because the future is hard to predict, but let’s take a stab.
There’s the obvious, such as running the car off the road. There’s indirect, such as distracting the driver enough to scare or cause a crash. And there’s the subtle such as fiddling with navigation directions, playing with the heating and generally haunting the vehicle. Finally, there’s harvesting information…doing nothing other than seeing what the car’s doing, where it’s going, probably who’s in it. Cross-reference that with other information, say from a smartphone, and you can find out a lot about a person or persons. This starts to get into the meta-data debate, and certainly cars can provide a lot of meta-data. Privacy? It’s gone.
Cars are also likely to have more and more sensors. Today there are cars now with 5 or more cameras as standard, voice recognition features, and systems to detect drowsy drivers. If those systems are compromised imagine the information that an attacker could get hold of.
What should car manufacturers do?
Car manufacturers need to start taking security seriously, because at present there is no evidence they do so, a bit like mobile phone makers and software industry of yesteryear.
That means copying best of what the computer software industry does, and the best of what the financial services industry does. Both sectors have decades of tech security experience on which to draw. It also means learning lessons from aviation which also has the mix of transport and computers, and that’s one industry that really does take safety seriously.
Having seen what has happened with smartphones and PCs, the car industry has no excuse they don’t know what’s coming, and the lessons they can learn are clear.
Unfortunately, manufacturers of anything (not just cars) hate security because it increases complexity and costs, while reducing usability and performance. And it’s not something buyers typically care about until too late, so there’s good commercial reasons for wanting to get away with the minimum security.
That’s not a good attitude because we’re not talking about smartphones, we’re talking about cars which are big, heavy objects that can kill.
Here’s some ideas for carmakers
How cars should be, but largely aren’t designed for security:
Separation of concerns
Divide a car’s functions into two areas; critical and non-critical. Critical would include anything that controls the car’s movement on the road; steering, brakes, throttle. Non-critical is everything else. Then seperate the two areas as far as possible, and ensure there are very clearly and tightly controlled communications from one to the other. It will not, in the future, be possible to entirely separate them, but at least care can be taken. Right now, it’s pretty much open slather. If this principle was followed properly by Jeep then the hack attack described above could not have worked. I’ve seen other cars fail to start because of a simple satnav problem, and that indicates lack of a separation of concerns.
Specialist security team
Car manufacturers have heads of design, engineering, suspension…you name it. Now they need to have a head of security with a team of specialists. That head of security needs a seat at the big table too.
Talk to any car PR person and they can explain at length the team behind the engineering. Ask about security and it’s…umm, err, part of an existing team like quality. That needs to change…before car hacks start being commonplace.
Sanity check overrides
There has to be a fully independent system for critical car functions which is NOT connected to the primary control systems. This system must be constantly sanity-checking what’s happening with the car and if it doesn’t make sense, then override. The driver’s control must be via this system too, so the computer’s automated inputs come in via one channel, and the driver’s by another and that takes priority.
Independent testing
ANCAP tests cars for safety. We need a security equivalent of ANCAP, and it needs the legal powers to do its job and enforce compliance to standards. Again we can look at the aviation world.
Vulnerability reporting
Despite best efforts, mistakes will be made and vulnerabilities will be discovered. So there must be a clear and easy way for those vulnerabilities to be reported, acted upon and fixed. This is a cross-industry issue, and something on which all car manufacturers should work together. The software industry is the template here. It is interesting to see that Jeep’s statements on the Cherokee issue use the same sort of language software companies used long ago.
Bugfix management
Once the vulnerability is discovered the car needs to be fixed, and fixed instantly. That means all cars must have a robust and reliable patch management system. Again, the software industry leads the way. Your phone and computer are constantly self-updating.
Anyone else need to take action?
Yes, governments need to crack down hard on this sort of hacking crime before it is commonplace, and enforce security standards. I’d also like to see an national, integrated security approach across computing, cars and pretty much everything else as the nature of security problems is that they tend to span multiple areas. Some senators in the USA
have had the foresight to introduce a bill to enforce security standards.
The reason the government needs to take action is because nobody else will. Consumers won’t demand it from car companies until it’s too late because humans are just dumb like that, and car companies will react only to market forces.
What can I do?
Right now, in Australia, you need do nothing today as far as your car is concerned. There are so few cars that have so few vulnerabilities, and there aren’t the wide skills and cracking tools available to hack cars. You should be far more concerned about securing your social media accounts and smartphones for which there are easily available hacking tools and rich opportunities for abuse.
Cybercrime is presently far more profitable mining people’s personal data, social media, smartphones and the like. There will be sporadic, high-profile attacks on cars like the one on the Jeep, but no need to panic yet. It’s a bit like the prominence shark attacks or airliner crashes are given when we should be all much more scared of crossing the road.
However, very soon – and I’d say within 12-24 months – we need to start buying a car based not just on looks and performance, but also secure it is from an information and control perspective.
Car manufacturers, over to you. Are you going to take this threat seriously, or wait for a tragedy and then act? Do let me know…
Robert was interviewed by the ABC on this subject today. Recording and transcript here.