Do we really need to worry about car hacking? Yes.
Should you be concerned about your car in the wake of the recent Jeep Cherokee uConnect car hacking revelations? Yes, because Car hacking is a question of when, not if.
It is also worth noting that while the example vehicle is a Jeep, any car that is connected to the Internet is vulnerable. It just so happened that a Jeep was first to be cracked and used as an example. It won’t be the last.
So where are we at today with car security?
What’s the risk of car hacking now?
What’s the risk in the future?
What could happen if a car is hacked?
We don’t really know because the future is hard to predict, but let’s take a stab.
There’s the obvious, such as running the car off the road. There’s indirect, such as distracting the driver enough to scare or cause a crash. And there’s the subtle such as fiddling with navigation directions, playing with the heating and generally haunting the vehicle. Finally, there’s harvesting information…doing nothing other than seeing what the car’s doing, where it’s going, probably who’s in it. Cross-reference that with other information, say from a smartphone, and you can find out a lot about a person or persons. This starts to get into the meta-data debate, and certainly cars can provide a lot of meta-data. Privacy? It’s gone.
Cars are also likely to have more and more sensors. Today there are cars now with 5 or more cameras as standard, voice recognition features, and systems to detect drowsy drivers. If those systems are compromised imagine the information that an attacker could get hold of.
What should car manufacturers do?
Here’s some ideas for carmakers
How cars should be, but largely aren’t designed for security:
Separation of concerns
Specialist security team
Sanity check overrides