Self-driving cars could cut road deaths by 80%, but without better security they put us at risk of car hacking and even ransom demands, experts at SXSW say
You’re about to drive to work. You turn on the ignition – and a message on the dash lights up. “We’ve hacked your car! Pay 10 bitcoin to get it back.”
Hacking into software and then demanding a ransom to release it – what’s known as ransomware – is not new.
Finnish security expert Mikko Hypponen fully expects it to become a reality as self-driving or “autonomous” cars start to become more commonplace.
Already, one hacker claims to have taken control of some systems on board a passenger plane he was on, getting as far as issuing a “climb command” that he accessed through the entertainment system. Another pair of hackers caused a Jeep to crash in July 2015 by accessing some of the car’s software through another poorly protected entertainment system. At the Defcon hacking conference, as far back as 2011, hackers were asking if they could write a virus that would be transmitted car to car.
Hypponen, chief research officer at the Finnish security firm F-Secure, told an audience at SXSW that in the 25 years he had worked in cybersecurity, he had seen a big shift in the type of people who do the hacking, as well their motivations. “When I entered this field, the hackers had no real motive – they were doing it because they could.”
He says there are now generally five types of hackers:
- Good “white hat” hackers, who break security so that a weakness can be found, fixed and ultimately improved
- Activist hackers, like Anonymous, who are politically but not perennially motivated
- Nation-states and foreign intelligence agencies, a growing issue over the past 10 years
- Supporters of extremism of which Isis is the only really credible threat thus far
- Criminals, who Hypponen says now make as much as 95% of all malware, using hacking to make millions of dollars
It is the criminals motivated by money that present the biggest threat and are likely to increasingly target self-driving cars; the multiple components in cars and lack of rigour by carmakers has made this a pressing issue. “Legacy manufacturers who build cars have a long history of safety but not of security, and that’s why they are starting to learn the hard way. Now they take it seriously – and last year was a wake-up call,” he said of the Jeep hack.
Robert Hartwig, president of the Insurance Information Institute (III), says the US market for cyber insurance is growing massively, from $2bn in 2015 to a predicted $7.5bn in 2020. “This is America, and if you have a breach of personal data, you are absolutely positively going to be sued. The legal fees and settlement costs will be more than the cost of the attack.”
Read more of the original article in The Guardian