Any part of a car that talks to the outside world is a potential opportunity for hackers.
That includes the car’s entertainment and navigation systems, preloaded music and mapping apps, tire-pressure sensors, even older entry points like a CD drive.
It also includes technologies that are still in the works, like computer vision systems and technology that will allow vehicles to communicate with one another.
It will be five to 10 years — or even more — before a truly driverless car, without a steering wheel, hits the market.
In the meantime, digital automobile security experts will have to solve problems that the cybersecurity industry still has not quite figured out.
“There’s still time for manufacturers to start paying attention, but we need the conversation around security to happen now,” said Marc Rogers, the principal security researcher at the cybersecurity firm CloudFlare.
Their primary challenge will be preventing hackers from getting into the heart of the car’s crucial computing system, called a CAN (or computer area network).
While most automakers now install gateways between a driver’s systems and the car’s CAN network, repeated hacks of Jeeps and Teslas have shown that with enough skill and patience, hackers can bypass those gateways.
And the challenge of securing driverless cars only gets messier as automakers figure out how to design an autonomous car that can safely communicate with other vehicles through so-called V2V, or vehicle-to-vehicle, communication.
The National Highway Traffic Safety Administration has proposed that V2V equipment be installed in all cars in the future. But that channel, and all the equipment involved, open millions more access points for would-be attackers.
It’s not just V2V communications that security experts are concerned about. Some engineers have imagined a future of vehicle-to-infrastructure communications that would allow police officers to automatically enforce safe driving speeds in construction zones, near schools or around accidents.
Given the yearslong lag time from car design to production, security researchers are also concerned about the shelf life of software deeply embedded in a car, which may no longer be supported, or patched, by the time the car makes it out of the lot.
In 2014, for example, some curious Tesla Model S owners did some tinkering and claimed to have discovered a customized version of a type of Linux software called Ubuntu. Ubuntu 10.10 was first released in October 2010 and has not been supported since December 2014. “In effect, that means the operating system in your car was deprecated before you bought it,” Mr. Rogers said.
Read more of the original article at The New York Times.
