It’s a disaster when your broadband goes down, or your inbox is swamped with spam, or your Facebook account is hacked and you start sending Viagra advertisements to your grandmother. But let’s face it; it’s not quite in the same league as engine failure in the outside lane of the motorway.
It is, however, now something that may require attention from the same people: those who attempt to provide security for digital systems. We have become used to the idea that we need to protect our computers and smartphones from viruses and malware, but we still tend to think of central locking and alarm systems as the first line of defence for our vehicles.
As vehicles become increasingly dependent on electronics, and more and more connected to digital devices, however, manufacturers are beginning to show concern about the potential for vulnerability these technologies create. The hazards which can potentially result from illegal damage to, or the theft of, cars and vans have existed since their invention; what is new is the number of ways in which modern vehicles are vulnerable to such attacks.
Vehicles contain a larger number of electronic components, micro controllers units (MCUs), and lines of software code than ever before, but they are also increasingly connected to other electronic devices such as sat-nav, smartphones and electronic entertainment systems.
Those obviously increase the risk that unauthorised users could gain access to vital aspects of the vehicle. What’s more, the plethora of operating systems, together with their relatively open access – a function of the huge market for the development of apps – and their easy interoperability create new opportunities for illegal manipulation and vulnerability to cyber attacks.
There is one further problem to add to the exposure which comes with greater connectivity, and that connectivity increasingly being used not only for phone calls or media players, but for the vehicle’s integral operations. That is the fact that, though more and more circuitry and code are involved in modern vehicles, they are still fairly feeble when matched against the processing power of desktop computers or even smartphones. And, even if connected by Bluetooth or WiFi, most are not in a position to make continual software updates or checks for malware.
In part, that is a limitation imposed by the environment; onboard computing systems have to be able to cope with the speeds, temperatures and stresses of a moving vehicle. But another limitation is the length of time a car or van is likely to be on the road; its viable life is well over ten years (and, if anything, getting longer) while most computers are likely to have been superseded after not much more than three.
Combine that with Moore’s Law, the observation that processing power tends to double every 18 months, while the price remains constant, and it is easy to see why onboard electronic systems, no matter how sophisticated, are vulnerable to the superior computing power of domestic machines.
The concern for those attempting to secure electronic systems for vehicles is that the factors – relatively low computing power, restricted connectivity for software patches and upgrades against viruses and the limitations of the vehicle’s environment – which make vehicles vulnerable don’t just affect peripheral functions. To go back to where we started, it’s a nuisance when your vehicle’s DAB radio gets hacked, and a major worry if its sat-nav or alarm system is compromised.
But if cyber attacks which compromise ABS brakes, steering or other critical safety functions become possible, there is a very real possibility of serious damage or even loss of life.
Manufacturers, suppliers and security advisers are collectively preparing for these kinds of dangers. Ford and Toyota have internal firewalls to guard against incoming software commands, while Tesla rewards hackers who spot software bugs in its system that hackers might one day exploit. Instead of relying solely on incoming vehicle-to-vehicle messages, vehicles could confirm that a crash is imminent by checking on-board radar or video camera before slamming on the brakes or swerving.
And here’s the good news: there’s a general consensus in every corner of the industry that the connected vehicle has potential to save more lives than to create new hazards.