Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

RPT-CIA 'mission' on cars shows concern about next-generation vehicles

Published 2017-03-09, 07:00 a/m
© Reuters.  RPT-CIA 'mission' on cars shows concern about next-generation vehicles
STLAM
-
BB
-
TSLA
-

(Repeats story first published on Wednesday)

By Alexandria Sage

SAN FRANCISCO, March 8 (Reuters) - WikiLeaks documents showing the U.S. Central Intelligence Agency considered a "mission" against connected car technology underscores auto industry concern that the science behind the next generation of vehicles could be turned against them.

Cyber security is considered key to the rollout of tomorrow's self-driving and today's connected cars, which resemble computers on wheels with a host of communications routes that hackers could target.

If consumers are to trust smart vehicles, they must deem them safe from attack. Security experts cite the terrifying hypothetical example of a remote attack on a fully autonomous vehicle with no steering wheel or brakes, in which the passenger would have no recourse to regain manual control of the car.

"You have a lot of car companies trying to design cars to be better suited to automation, which means they're more attractive to hackers," said auto consultant Roger Lanctot of Strategy Analytics.

A major strategy for automakers is to reduce the number of communications gateways to crucial systems and to require services offered by third parties to go through a single secure path.

WikiLeaks documents show the CIA citing "vehicle systems" and a car operating system from QNX, owned by Blackberry Ltd BB.TO , as "potential mission areas" for the CIA's "Embedded Devices Branch" to consider.

The QNX operating system, which is used by most global automakers, provides a "a comprehensive, multi-level, policy-driven security model ... to mitigate attacks," the company said in a statement to Reuters. But given the collection of software, hardware and network components that make up a connected car, "security is only as strong as its weakest link," it said.

While the CIA's interest in cars brought widespread attention, the industry has already received wakeup calls about cars' potential to be hacked.

Researchers in 2015 used a wireless connection to turn off a Jeep Cherokee's engine, prompting a recall of 1.4 million vehicles by Fiat Chrysler Automobiles FCHA.MI .

In September last year, Chinese cyber security researchers hacked a Tesla Inc TSLA.O Model S sedan, remotely tapping the brakes and popping the trunk. The electric carmaker subsequently patched the bugs using an over-the-air fix. Tesla did not respond to a request for comment on its cyber security protocol.

The hacking of the Jeep and the Tesla "brought it home to the industry that even if its improbable it's technically possible," said Mark Wakefield, global co-head of the automotive practice at AlixPartners.

If a car was seen as vulnerable, it "could be a big brand problem," Wakefield said. Hacks could also expose private information shared between car and third parties - credit card numbers, account numbers or passwords - to theft.

A January survey by the University of Michigan's Transportation Research Institute found that 33 percent of respondents said they were "extremely concerned" over hacking of full self-driving cars to cause crashes.

CLOSING DOWN THE WAYS IN

The number of ways into cars has proliferated, from cell phone signals to dongles. One such gateway is the standard OBD-II port found under the steering wheel historically used for onboard diagnostics. Today, hundreds of after-market devices use the port, whether to monitor driving for insurance needs or provide conveniences like safety alerts.

"The security of these devices is important, as it can provide an attacker with a means of accessing vehicle systems and driver data remotely," warned the FBI in a March 2016 bulletin on cyber security risks to motor vehicles.

Carmakers are also building walls between non-crucial infotainment systems and driving controls so that any breach is blocked before it could compromise key functions like brakes.

The first step the industry is tackling is intrusion detection, said Lanctot. But what to do when a breach is detected is complicated, because shutting off parts of a car could be unsafe, he said.

Tesla was first to champion "over-the-air" technology in which wireless software updates are sent remotely to cars. Although some have argued such updates are a way in for hackers, Tesla and others see them a key protection to upgrade security and repair vulnerabilities quickly.

In January, U.S. lawmakers introduced a bill calling for cyber security standards for new cars but so far U.S. regulators have issued recommendations, not rules, on how carmakers should shield their computer systems from hackers.

The industry is "years away" from solving the cyber security problem, Lanctot said, noting that the first generation of cars built after the Jeep hack that include some kind of detection capabilities will not be seen until early in 2018.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.