Are we protected in modern cars?
A huge step in the evolution of vehicular transport was when cars became more than just a mechanical ensemble. Cars are now more sophisticated, having met the hardware with software-related parts. People benefit from any feature that would make their driving experience easier, more comfortable, and more user-friendly. The only problem in this evolution was: missing pieces from a security and safety point of view. At the time, the CAN Bus protocol was implemented in every car around the world. Yet, nobody realized how much of an impact this would create.
Automotive System vs the Human System
For example, an analogy that can be done is the following. A car is very similar when compared to a human body. I know that it may sound crazy. if we think of Electronic Control Units (ECUs) like body parts that are interconnected through the nervous system, we could potentially say that the Controller Area Network (CAN Bus) and the nervous system are the same. So, this network allows all the nodes or ECUs (which are about 100 in a car) to communicate with each other, but there is no way of sending a message to just a specific node.
Modern Functionalities of Vehicles
Nowadays, vehicles have a lot of fascinating features such as telematics units that have incorporated GPS to show you the best route for where you would want to go, you could listen to music, make phone calls, or even take photos. As a driver, you get assisted by ADAS (Advanced driver-assistance systems). When there are external factors that could harm the people inside the car, ADAS becomes an active safety system – meaning the vehicle will “actively” control braking or steering. The era of electric vehicles has just started, charging them not only from the EV Chargers on the highways but also from our houses. These cars are connected to the internet and to our smartphones in order to receive information from them.
The cyber risks
The Automotive domain evolved a lot in the past 20 years, but once the engineers included the computers in the vehicles to benefit from their advantages, they did not realize at that time what disadvantages the hardware and the software could bring to the table.
A small imagination exercise:
Now, let’s make an imagination exercise, you are supposed to drive your vehicle on national highways when suddenly your car speed starts to increase without you pushing the pedal. Your braking system is not working anymore and neither does the steering system. A malicious person could gain access through the cellular network or Bluetooth, access the CAN bus, and control your car remotely from miles away without you even knowing. Unfortunately, this is not an action movie, it is just the brutal reality.
“Today, there are more lines of code in the connected car than other highly sophisticated machines, including the U.S. Air Force’s F-35 Joint Strike Fighter, the Boeing 787 Dreamliner, or a NASA space shuttle. With each region demanding its own code to meet local regulations.”
Source: EE Times
According to the 2022 Global Automotive Cybersecurity Report created by Upstream, by 2025, a connected car will produce 25GB of data per hour and up to 500GB if fully autonomous. Well, that’s a lot of data. What would happen if hackers would gain access to that data? If they could intercept the data with a MITM attack, thus accessing the vehicle itself and gaining full control of it? Or if a malicious actor could connect to a fleet and they could have “root” privileges on the whole fleet?
More than 50% of all reported automotive-related cybersecurity incidents took place during the past two years alone, what do you think the future could bring if we continue the development part without taking cyber security seriously? Also, in the report I presented above, there is an interesting prediction: the automotive industry stands to lose over $500 billion by 2024 to cyberattacks, behind only High-tech and Life Sciences. What could it look like and how could it be avoided?
Finally, from my point of view, I really believe that not only the cars but also the entire infrastructure should be tested. Periodical tests are of the most importance in order to find any bugs and vulnerabilities that hackers could use to harm people or gain financial benefits. The passion for cyber security shall become a responsibility for us and getting there before bad guys will just show the manufacturers how they can patch all the things done before awful things happen.
Automotive Division at CTD
Cars are the most popular form of transport, as they evolve, we should be careful in improving the security also. Automotive Cybersecurity is becoming a key variable in protection, especially in modern cars. The Automotive Division from CTD is ready to tackle the challenge of exploring and finding the risks and vulnerabilities of these complex systems. Got questions? We have answers.