While many enthusiastically await the new possibilities offered by autonomous cars, safety experts are viewing recent developments with concern. The more connected our vehicles become, the greater the risk of getting hacked.
After a long working day, you throw your car key on the kitchen table and lie down on the sofa. But while you switch off, your car is switched on. And before you know what’s happening, the thief is already long-gone with your vehicle, without burglary, without violence – just by using the connected technology.
Connected Cars: they can steal your car and you won’t be able to prove it
Key to Go is practical, but also a high security risk, recently warned the ADAC again. Even if the described example is more of a theoretical scenario so far, practice tests show how easy car theft can be with connected cars. The Keyless mechanism is seen as a source for potential safety hazards with networked cars.
Wireless functions on the car such as the entertainment system and keyless feature open up completely new possibilities for thieves. Instead of physically breaking into cars as before, they can now simply hack them from a laptop. Currently, the damage this can cause is rather limited, as cars are still in an early phase of connectedness, connected cars expert Thomas Köhler told Mobility Mag.
However, the consequences for car owners are potentially twice as bad than with a conventional theft. “In this kind of theft, the legal owner is disadvantaged in two ways: he loses his possession, and he also has problems with the police and insurance to prove there was a burglary. After all, the whole thing goes off without a trace on the vehicle.”
In the worst case, not only is the car gone, but we can’t prove that it was stolen.
The more networked cars are, the more opportunities hackers have
But while these are still quite manageable problems, almost all car companies are now working on autonomous vehicles. Security experts see enormous potential threats in everything from cameras to sensors to built-in communication systems. The more communication channels a vehicle has, the more ways there are to hack it.
Time and again, IT experts and journalists in demos have shown how easily driverless cars can be hacked.
This is no longer about the simple car theft, but about the taking over of steering and brakes, or manipulating the cameras. Given the terrorist attacks in Nice and Berlin, the fear is that criminals could use autonomous cars as a weapon.
Firewalls alone do not solve the problem
The more cars become like computers, the more car manufactures have to think like the IT industry, believes Ofer Ben Noon, co-founder and CEO of the Israeli cyber-security company Argus. “From the design to the operating system to the installation of firewalls, automated vehicles should be secured just like computers through multiple means. Until now, the automotive industry has been more focused on engineering and design. This must and will change,” he explains in conversation with Mobility Mag.
As someone who worked in Unit 8200 collecting signal intelligence and decrypting codes for the Israeli military, Ben Noon is certainly someone very aware of security issues. At present, the CEO of Argus, who also has an office in Stuttgart, is talking with German car manufacturers about possible safety measures for automated vehicles.
Of course, these problems have long been recognized. But even if Ben Noon looks at car security in terms of IT, the car industry has other priorities and quite different security concerns. While software developers commonly launch products on the market in Beta phase and gradually deal with security issues as they come up, this process will certainly not work for autonomous cars.
As there are not only material risks in vehicles, but also human lives at stake, concerns about security are much more serious here, says Thomas Köhler. “For autonomous cars, firewalls and other retrospectively implemented security systems as they are currently being proposed will not solve the problem. They are at best an intermediate step towards a new understanding of security that must be implemented everywhere where the damage potentially involves more than just a crashed desktop computer.”
Autonomous cars: “total security does not exist”
What are car manufactures doing about such potential dangers? The industry is conspicuously quiet on the subject. Among top German car makers, only Audi and Daimler replied to Mobility Mag’s requests for comments. And here again the answers are rather vague.
Audi spokesman Christian Hartmann, for example, wanted to reveal only this much about their in-house safety measures for connected cars and automated functions: “We separate the driving-related functions from the connectivity and infotainment functions via software and hardware solutions. In addition, we are continually expanding the security mechanisms during the development of new functions. ”
Benjamin Oberkersch, Daimler’s press officer for Connected Car & Infotainment went a bit further. In the development of new models, Daimler uses many security methods known in the IT world, such as public key cryptography, certificate infrastructures, firewalls, intrusion detection systems, virus scanners as well as encryption protocols such as TLS, Ipsec and WPA2. Oberkersch, however, points out at the same time: “There will be no absolute, 100 percent security.”
Even though the automobile sector has now woken up and is looking to improve security features both in connected cars and the development of automated models, complete safety is an illusion. Or, as Thomas Köhler puts it: “Everything that can be hacked will be hacked.”