U.S. Senator Ed Markey released a report on February 9th that details the vulnerabilities of the modern automobile to cyber threats.
Only 2 or the 16 questioned manufacturers were able to answer and describe how they would react to a cyber security breach in one of their vehicles. The two automakers were not disclosed.
- One manufacturer claimed that it could place a vehicle in a “fail-safe” mode that may limit vehicle operation if malfunctions that could cause damage occur
- One manufacturer stated that it would have the option to safely slowdown and immobilize an impacted vehicle if the vehicle is in motion at the time of detection.
Granted I do still think we're some way off from remote control seizure becoming a viable threat (and even so, why you and your car?), but one very real possibility, right now, is the potential for loss of property. Not the whole car mind you, but access to the interior.
Thieves took advantage of a combination of vulnerabilities in factory-fitted alarm systems and a diagnostic port typically used to read fault codes during servicing. They gained access to the port without triggering the alarm and used it to reprogramme blank keys. The whole process takes just a few minutes and the upshot was thieves in possession of fully functioning keys and making off with expensive BMWs almost at will. BMW has since released a software update to remove the vulnerability. That's reassuring but will be little consolation to those who had their cars stolen.
BMW just patched a security flaw that had left 2.2 million vehicles vulnerable to hackers operating their door locks, a problem which
Audi isn't immune to:
"Audi UK is aware of a relatively small number of Audi vehicle thefts which have allegedly been carried out using computer technology to eliminate the need for an ignition key. We will always exhaustively investigate any potential threat to the security of our cars in conjunction with the relevant authorities. To date we have absolutely no conclusive proof that our vehicle security systems can be breached in this way."
But thats ok, because Audi, well at least the A8, is heralded as one of the more secure vehicles on the market because of its network layout. Keeping core driving functions are superfluous wireless technologies mutually exclusive they are able to shut out potential control hacks.
The researchers point to Audi’s A8, by contrast, as an example of a strong network layout. Its wireless features were separated from its driving functions on its internal network, with a gateway that would block commands sent to steering or brakes from any compromised radios.
We seem to have two choices, stop connecting everything to everything or automakers need to change their cantankerous positioning, said Chris Valasek
"there's some pushback on 'why create technology for a threat that's not imminent, it is costly, but at the same time, no one wants to be the first one hit by this kind of attack. I'd rather work on it now, rather than panic when it happens ... it's up to everyone involved in the landscape to be vigilant on their security."
Which do you think is most likely?
