More connected cars could increase risk of cyber attack — unless we act now, warns security expert
The more connected and autonomous cars there are on the road, the more attractive they become to hackers, says BlackBerry chief security officer Alexa Manea.
Speaking to GearBrain at the Geneva motor show this week, Manea also explained how the automotive industry as a whole needs to lay the right foundations when it comes to connected and self-driving cars to keep their future occupants safe. He believes there is value in current crash tests being expanded to include analysis of a car's cybersecurity systems alongside its crash structure and pedestrian safety devices.
When it comes to concerns over connected car hacking, Manea says there are two points of view. "One is the doomsday scenario [as demonstrated when a Jeep was remotely hacked while being driven in 2015] and one is that everything is fine, we shouldn't worry about it, instead just enjoy the benefits of connected vehicles. The truth is somewhere in-between. There's going to be a lot of great benefits from self-driving cars, but at the same time there's a lot of risks there."
Before we go any further, we should explain that, yes, this is the same BlackBerry which gave birth to the smartphone before being shot out of the sky by Apple, Google and Samsung. The company still sells business-focused smartphones in small numbers, but also works in the automotive space developing the backend of car infotainment systems with its QNX software. This business interest is now being expanded to capitalize on the growing interest in connected and autonomous vehicles.
Firstly, Manea puts out minds at ease. "The reality is that hacking vehicles is non-trivial, it's very, very difficult to do. For instance, with the Jeep hack the researchers had to spend between six months and a year reverse-engineering all of the protocols...From a hacker's standpoint, you're not going to actually spend that much time hacking a vehicle unless you're going to get a good return on investment."
Vehicle cybersecurity needs to be treated in the same way crash structures and airbags are, Manea saysiStock
However, as more connected and autonomous vehicles take to the public roads, the target offered to hackers - and the potential reward for compromising them - increases, just as it did when other devices like computers and smartphones became popular. "The more of these vehicles that we put on the road, the more it starts making sense for hackers to start attacking them," Manea warned.
He added: "What I really worry about in terms of car hacking is large-scale hacks either from criminal and terrorist organizations or from nation state type hacks. Those have the potential to really devastate us in the future, and the reality is if we want to prevent those types of long-term attacks we need to put into place the right foundation today."
That foundation, Manea agrees, could lie in today's crash tests expanding to challenge a vehicle's cybersecurity and resistance to hacking, as much as its ability to autonomously brake in an emergency and deploy airbags in a crash.
Manea told GearBrain: "Today we have car safety ratings, so when I buy a car I know that it has a 5-star front impact rating, for instance. I can see a situation in the future where we have those same types of security ratings. Because as we know, security and safety are really starting to come together."
Finally, the BlackBerry executive believes car cybersecurity will be kept up-to-date in the same way smartphones are today - with over-the-air software updates. Already used by Tesla and confirmed for the new Jaguar I-Pace. "We need secure, over-the-air software updates for cars. The way car recalls are done these days is totally inefficient. For me it's really important that we get those OTA updates done on every single car, to lay that foundation for a secure future."