Car makers rush to put self-driving cars on the road. Bets on how much attention is being paid to security? Stopping Self-Driving Cars From Becoming Cybersecurity Weapons
This isn’t a new issue really. I think it was Black Hat 2015 that had a talk about remotely hacking a Jeep driving down the highway.
And Def Con 25 is joining in the fun this year with the Car Hacking Village. No. It won’t amount to anything, I’m sure. Because the car companies are all over this, right?
Yuval Diskin, former head of Israel’s internal security service (Shin Bet) and Chairman of CyMotive Technologies, has a somewhat different view.
The car industry is run by engineers. Up until a few years ago, they thought of information technology (i.e., computers) as some kind of basic support infrastructure, like water and electricity. It’s been a challenge for the industry to better integrate its core competency—electrical engineering—with IT or computer engineering. But they now understand that IT is at the core of their business.
I doubt they really understand it. I believe they know they need to pay it lip service, and I believe they know they need to devote some level of resources to the issue, but I doubt they are setting up bug bounties, or ensuring that firmware and software updates are secure or that a user can always override what the vehicle is trying to do. In short I doubt they really understand what the issues are. Will they miss a ship-date to ensure that the software is secure?
I actually started a similar post on this subject last week, but couldn’t make it come together. Yuval Diskin came up with the phrase that puts it all in perspective.
Serious attacks can and will happen at the fleet level where you can impact many cars—“imagine stopping thousands of Toyota cars on the highways of Europe,” says Diskin.
Could thousands a of cars be hacked at the same time? You really have to ask? How many PCs were infected by WannaCry? By GoldenEye? And that was just in the past couple of months against an attack that we knew how to stop. (Upgrade your software/hardware!).