Makers of connected cars must radically rethink vehicle design and build if they are to counteract emerging automotive cyber-security threats, an industry expert has warned.
Today's cars, with their layers of unprotected processors and software systems, will become increasingly attractive to hackers and other malevolent online menaces looking to gain illegal access to vulnerable vehicles while motivated by a range of emerging rewards, such as data theft and blackmail.
“The connected cars of today are, in effect, the automotive equivalent to IT's legacy systems,” said Tom Blackie, VP Mobile & Automotive at RealVNC. “Car manufacturers would do well to look at how the IT industry has countered hacker threats over the last decade. It has reinvented systems so that they have more security built into them from the processor up, rather than continually trying to mitigate risks by finding patches for old technology.”
Speaking at the Cambridge Wireless Automotive & Transport SIG 'Connected and autonomous vehicles – safe, cyber-secure, private?' conference this week, Blackie said that some automotive OEMs are “terrified of something happening in terms of a cyber-attack on their vehicles”, and acknowledge privately that their in-vehicle IT systems are “completely creaky, with hundreds of vulnerable CPUs and different generations of software stacks”.
“They know that conventional car design will continue to present challenges when it comes to safeguarding connected vehicles against hackers,” said Blackie, “and I know that some Far Eastern automotive OEMs are ready to consider scrapping their conventional car design, and start over with a clean sheet.”
Blackie added that automotive OEMs planning to design and manufacture the connected cars of 2020 with cyber-security considerations from the outset will have a market advantage in terms of safer road vehicles that have more appeal to buyers. One model open to car designers would be to base automotive systems around fewer, more centralised processors which would be easier to defend against hacks.
However, due to their years-long product development cycles, even far-sighted automotive OEMs will continue to produce connected cars based on traditional designs while introducing new, more cyber-secure models alongside them, predicts Blackie.
“Established car makers are also worried about what the cyber-aware companies like Google and Apple might come out with going forward,” Blackie says. “They have seen what Tesla has achieved, and noted the fact the Tesla openly acknowledges that car hacking is an issue.”
The Cambridge Wireless Automotive & Transport SIG event was hosted by the Transport Systems Catapult and sponsored by Rohde & Schwarz. It featured speakers from a range of automotive and information technology disciplines, including Thatcham Research, SBD, Intercede, Thales e-Security, Plextek Consulting, Real Wireless, and Climate Associates.