Hacking viewed as real threat as car computerization grows

Automakers delve deeper into cybersecurity as risks rise

8/31/2014
BY TYREL LINKHORN
BLADE BUSINESS WRITER

If it’s computerized and connected, chances are it can be hacked.

The potential targets are almost endless — your smart phone, your refrigerator, even Dick Cheney’s heart.

The former vice president told a CBS interviewer earlier this year that doctors had disabled his pacemaker’s wireless capabilities, lest some ne’er-do-well remotely turn off his ticker.

Such are the concerns of an increasingly networked world.

Those dangers have now spread to automobiles.

The level of computer control in cars has increased rapidly over the last few years, giving rise to a new range of security concerns that are forcing automakers to dive deeper into cybersecurity in an effort to better protect drivers.

“It’s a real issue that’s going to grow in importance, and the risk becomes larger each year,” said Egil Juliussen, an analyst and researcher with IHS Automotive.

Modern cars are loaded with small computers and millions of lines of code that direct everything from the throttle and steering to the power seats and radio. Someone with very good computer skills and very poor intentions could theoretically take control of almost any vehicle system they wanted with little to stop them, Mr. Juliussen said.

Automakers are working hard to change that, though it will take time.

“I would say we’re in the stage where they’re aware of it, they want to do something about it, but it’s going to take three to five years until the new cars have these protection mechanisms in place,” Mr. Juliussen said.

It’s worth pointing out that there are no confirmed reports of any vehicles being hacked. However, there’s no shortage of evidence that demonstrates the possibilities are there.

In 2010, researchers at the University of Washington and the University of California San Diego presented a paper outlining a range of things they were able to do after hacking into a car’s electronic control module.

After writing a special program that enabled them to toy with the car’s operation, researchers were able to control the radio, alter the speedometer readout, lock and unlock the doors, and prevent a car from starting.

The researchers were also able — at 40 miles per hour — to prevent the driver from applying the brakes and kill all the car’s lights, including the headlights.

And earlier this month, Charlie Miller and Chris Valasek, a pair of well-known cybersecurity researchers, presented a paper that outlined possible vulnerabilities in a number of late model vehicles by looking at how many points a hacker might be able to access remotely. They went as far as ranking the “most hackable” cars on the road, a list that included the 2015 Cadillac Escalade, the 2014 Infiniti Q50, and the 2014 Jeep Cherokee.

They note, however, that the list is based on the appearance of being hackable. Those particular vehicles weren’t physically tested.

“This doesn’t mean that the most susceptible looking isn’t in fact quite secure,” the paper says, “or that the most secure looking isn’t in fact trivially exploitable, but it does provide some objective measure of the security of a large number of vehicles that wouldn’t be possible to examine in detail without a massive effort.”

The two researchers didn’t respond to emailed requests for an interview.

On guard

Despite the absence of reported cybersecurity incidents affecting vehicles on the road to date, companies are taking action to prepare for possible future threats.

In a statement, Chrysler Group LLC noted there have been no reported hacking incidents to date, but the company said it continues to prepare for future cyber security threats.

“Consistent with Chrysler Group’s long-standing commitment to its customers and to innovation, we have a team of engineers dedicated to developing cybersecurity features in anticipation of emerging threats. Such new features are introduced to our vehicles on an ongoing basis.

“Further, Chrysler Group strongly supports the responsible disclosure protocol for addressing cyber security.

“Accordingly, we invite security specialists to first share with us their findings so we might achieve a cooperative resolution. To do otherwise would benefit only those with malicious intent.”

Scary as that all might seem, it’s important to keep things in perspective, said Karl Heimer, who is a senior research director of Battelle’s Cyber Innovation Unit. Battelle, the Columbus-based nonprofit research lab, is working with a number of automakers and other companies to help develop ways to thwart potential threats.

“It is academically interesting,” Mr. Heimer said. “They are important proof points for moving forward, but are they an actual risk or danger?

“I do not believe so.”

Limited benefit

For one, there’s little to be gained financially from hacking into a car. It’s also not easy. There’s little commonality from model to model, and there are few ways to remotely hack a car, meaning you might have to physically break into a car in order to get access to the computer.

Mr. Heimer points out that Mr. Miller and Mr. Valasek tore the dash out of one of the vehicles they demonstrated.

“These are not stealthy kinds of things,” Mr. Heimer said.

However, as cars become more connected — both to the Internet and to other cars on the road — those payoffs could increase and the hacking could become easier.

In the meantime, automakers have a chance to get ahead of the issue.

Though some have criticized the industry for being slow to react, Mr. Heimer said the industry has been very responsive.

Wade Newton, a spokesman for the Alliance of Automobile Manufacturers, said the nature of the work isn’t something that’s often talked about.

Mr. Newton, whose group represents 12 automakers, said the industry spends $102 billion annually on research and development.

“A sizable chunk of that innovation is coming to protecting these important technological advances in autos,” Mr. Newton said. 

“I think you’re always going to see automakers moving forward and working to protect the products and their consumers,” he said.

Contact Tyrel Linkhorn at: tlinkhorn@theblade.com or 419-724-6134.