Cyberterrorists have the potential to put millions of lives at risk by hacking the sophisticated cars on 21st Century roadways, one expert has warned.
The caution comes amid a host of technological advances pervading the automotive industry.
“The current state of vehicles on the road today — the new, modern car, not even self-driving — have become rolling computers,” said John Simpson, Consumer Watchdog’s privacy project director.
And its suggested that any computer is open to being hacked. In 2015, the National Highway Traffic Safety Administration recalled nearly 1.5 million vehicles over fears that they could potentially be compromised.
“If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles,” said Justin Cappos, a computer scientist at New York University.
“Many of our enemies are nuclear powers but any nation with the ability to launch a cyberstrike could kill millions of civilians by hacking cars. It’s daunting,” said Cappos, who also added that the issue of vehicle vulnerability should be an “urgent” national security issue.
Cappos continued, saying that hackers had the possibility of making a car a death trap.
He warned that any car built after 2005 is an “open door” for hackers.
“Once in, hackers can send messages to the brakes and shut off the power steering and lock people in the car and do other things that you wouldn’t want to happen,” he said.
“Once you are in the network you are able to communicate with any device, he said. “Components in cars are not good at understanding where messages come from and whether they are authentic.”
Further, a report over the summer claimed that hackers can interfere in the communication system that car components use to tell one another what to do.
“You could disable the air bags, the anti-lock brakes, or the door locks, and steal the car,” says Federico Maggi, a Trend Micro researcher who helped authored the paper.
“It’s practically impossible to detect at the moment with current technology,” he said.
Yet, there may be a way to prevent — or at least strongly protect — against such situations from happening.
Stephen Morrow, of SQS Group, which advises businesses on software protection, said automakers must make their vehicles more secure.
“Manufacturers must be accountable. A lot only want to do the minimum — security can be expensive and too many see it only as a tickbox exercise,” he said. “This is serious — lives are at stake. Government is going to have to get involved and standards developed and enforced.”
One analyst said that because terrorists can exploit any weakness, action is an important step to prevention.
“We’ve already seen vehicles used with devastating effect as weapons,” said Carsten Maple, professor of cyber-engineering at the University of Warwick. “Cybersecurity researchers and industry must ensure that systems are engineered to stop new attacks.”
“This requires us to think as an attacker would, rather than an engineer.”