1.8 Million cars at risk of cyber crime

Statistics portal Statista predicts UK connected cars will increase from 1.8 million for 2016 to nearly 8.6 million by 2020. Worldwide, the number will rise to 160 million.

The increase of in-car computer technology could leave vehicles vulnerable to hackers as happened to a Jeep in the US under controlled conditions.

The SMMT says more than 1.8 million UK motorists per year now leave showrooms in cars featuring self-activating safety systems. More than half of new cars registered in 2015 had safety-enhancing collision warning systems, with other technologies such as adaptive cruise control, autonomous emergency braking and blind spot monitoring surging in popularity. All rely on computers.

Carsten Maple, professor of cyber systems engineering at Warwick University, says:

“Let’s say I was a criminal. Would I say, ‘Give me £100 and I’ll unlock your car’ or, if there’s lots of data in your car, connected to your phone, with details of where you went and who you spoke to, would I blackmail you instead? Even though it has not happened yet, there is a concern it might.”

Andrew Miller, chief technical officer at Thatcham Research, which conducts electronic risk assessments on every new car brought to the UK market, says: “We have connected vehicles now, many using a non-removable e-sim to connect, or wireless device, or your phone. It’s an amazingly complex area allowing one computer to speak to another, and delivering major benefits. It’s also an emerging risk – and with more connected vehicles, that risk will increase for motorists.

“When this risk will really emerge is the moot point: no one really knows. But the opportunity to fight back is right now.”

Alex Moiseev, managing director of the European arm of software security specialist Kaspersky Lab says: “It happens with desk computers now. It’s just a question of time before the bad guys move into your car, too.”

Moiseev should know. Kaspersky is contracted by Ferrari F1 which, at each race, relies on hundreds of sensors to provide thousands of data points in real-time – monitoring tyre pressure, fuel burn efficiency, brake force and so on – that are wired to laptops scrutinised by race engineers. It’s Moiseev’s job to ensure not a single kilobyte of top-secret data is infiltrated.

Kapersky ensures that the Ferrari F1 team has peace of mind over its secret race data

For while F1 connectivity gives engineers a competitive edge, the introduction of so much wireless data has created a minefield, too, potentially jeopardising production-line security, the company’s internet provider and even the driver’s safety.

On a race weekend alone, says Moiseev, there’s a notable increase in malware traffic, so protecting systems and data has never been more important, especially as, in common with other manufacturers, today’s race car wizardry is tomorrow’s road-car driver safety aid.

Internet security: The five worst ever cyber

The shocking ease with which a car’s computers can be hijacked was graphically illustrated last year when US hackers remotely took control of a Chrysler Jeep’s core functions – including brakes, wipers steering and transmission – during a dramatic filmed stunt.

Software security firm SQS is now hired by leading motor manufacturers to try to prevent this from happening. Stephen Morrow, its head of security services, predicts, attacks will move into the automotive arena, with potentially catastrophic results.

“Nobody is getting hurt yet, but as we start putting software in cars that are connected by internet, we are getting to the point where computer security intersects with public safety and human life. This is where things get much more serious,” he says. “Recent stunt hacks demonstrate that these vulnerabilities affect safety. Manufacturers need to get on top of things and take security much more seriously.”

Moiseev says: “the global motor industry got off to a very slow start.” “It did not take cybercrime seriously enough – until recently,” he says. “For years’ automotive firms bought open-source software to run the 40-60 computers now controlling functions in the average car. Who vetted the people who wrote the codes? What bugs already lie dormant in our vehicles, waiting to be manipulated?”

Asked if it was doing enough to protect drivers’ safety, the Society of Motor Manufacturers and Traders (SMMT) told us: “Vehicle manufacturers are investing billions of pounds to make cars safer and more intelligent. Data security is paramount to the automotive industry. Manufacturers are always striving to stay one step ahead of organised criminals and constantly monitor for potential breaches so that customers’ information is kept safe.”

Last year the government weighed in, too, launching the Centre for Connected and Autonomous Vehicles which, this year, asked IT firms to bid for a £40,000 contract to investigate automotive cyber-attacks.

Tagged on: