August 25, 2016
Connected, autonomous vehicles are around the corner. Many of the most innovative and deep-pocketed companies in the world are racing to bring them to market — and for good reason: the economic and social gains they will generate will be tremendous.
But any transformative technology creates new challenges and risks in addition to benefits. This is no exception.
One of the biggest threats that society will face as transportation transforms in the coming years is vehicle cybersecurity. It is a topic about which much is still unknown, even among those working at the cutting edge of the industry; vehicle connectivity is a new phenomenon and the technology continues to evolve rapidly.
Thankfully, a major malicious cyberattack on a vehicle has yet to take place. But the potential danger was illustrated dramatically last year when two white-hat hackers remotely took control of a Jeep Cherokee and cut its transmission on the highway as part of a research initiative. The well-publicized incident prompted Chrysler to recall 1.4 million vehicles.
One of the central challenges in vehicle cybersecurity is that the various electrical components in a car (known as electronic control units, or ECUs) are connected via an internal network. Thus, if hackers manage to gain access to a vulnerable, peripheral ECU — for instance, a car’s Bluetooth or infotainment system — from there they may be able to take control of safety critical ECUs like its brakes or engine and wreak havoc.
Cars today have up to 100 ECUs and more than 100 million lines of code — a massive attack surface. Further complicating matters, auto manufacturers source ECUs from many different suppliers, meaning that no one player is in control of, or even familiar with, all of a vehicle’s source code.
The threat of automotive cyberattacks will only loom larger as society transitions to autonomous vehicles. But even before autonomous vehicles become widespread, car hacking is already a very real danger: In 2014, more than half of the vehicles sold in the United States were connected, meaning that they are vulnerable to cyberattacks.