FREMONT, CA: Cars have come a long way from being just a means of transportation. They have smart features and are on the way to be capable of doing infinitely more. But the security researchers at the grassroots research firm focused on issues related to computer security, public safety and human life –I Am The Cavalry; are concerned over the growing use of technology in cars and the threats it poses.
In an interview with BBC, security researcher at The Cavalry, Josh Cormen says "Cars today are not just computers on wheels. They are networks of computers on wheels." The Cavalry recently in a petition urged the automakers to adopt, develop, enhance, and attest critical capabilities to lay a foundation for safety. In the petition they have identified critical areas, together with cybersecurity researchers and other experts in the automotive industry and came up with a ‘Five Star Automotive Cyber Safety Program’ to overcome the issues of security.
Contemporary cars are complex machinery with nearly 200 small embedded computers in it, known as electronic control units (ECUs), each one overseeing one subsystem. These embedded computers are manufactured by other companies who do not or may not be willing to reveal how they work, which poses serious security concerns. Researchers who have had a look into the in-car computer systems are not satisfied with what they have seen.
To get a better picture of the vulnerability of cars, IOActive, Information Security Services firm conducted a survey titled ‘A survey of Remote Automotive Attack Surfaces’ where 21 separate vehicles ranging from Toyota Prius to a Range Rover Evoque where checked for hackability. The 2014 Jeep Cherokee topped the list of the most hackable cars and the 2014 Dodge Viper was the least hackable.
Researchers Charlie Miller and Chris Valasek hacked into vehicles and investigated the Controller Area Network (Can) buried in its substructure. The conclusions showed a number of exploitable problems; in wireless tyre pressure sensors, telematics controllers and even anti-theft systems. In another six-week long investigation done by NCC Group, on cars by a popular automobile company whose name was not revealed; also showed serious vulnerabilities.
All this has led to much discussion among the engineering staff of the research and development wing of automobile companies for a reliable solution. "They know what they need to do but they have been lacking the executive support to make it happen," says Corman.
The once distinct boundaries of automobiles and cyber security are getting blurred with each passing day. The Cavalry in its petition notes, ‘now is the time for the automotive industry and the security community to connect and collaborate toward our common goals.’