According to various estimates, the number of connected cars will grow from today’s roughly 50 million up to around 150 million over the next four years. The reasons for those wireless connections are many, but the obvious ones are for diagnostics, for entertainment, for navigation aid, and for emergency situations.
Unfortunately, too many people on the dark side see every one of those connections as a potential “hack point.” Whether the connection is made through WiFi, Bluetooth, or some other wireless protocol, even something proprietary, it serves as a potential point of entry. There are ways to get in using some of the wired connections too, but the focus seems to be on the wireless points, and rightly so.
Why would someone want to hack into a vehicle? That’s a tough question to answer, because it’s often done for reasons that most reasonable people can’t understand, similar to why someone would want to climb Mount Everest. But that’s beside the point, because we know there are people out there who do want to hack into vehicles.
Speaking with Gregory Rudy, a Director of Business Development for Integrity Security Services, a Green Hills Software Company, he offered some interesting insight into the “who” and “why” questions. He was of the belief that it could be almost anyone, from individuals to corporate folks, to actual terrorists. And the why is for fame and notoriety, economic gain, or flat-out terrorism.
Best practices by design engineers come in various forms, including taking advantage of the latest security practices; conducting risk assessment and management; collaborating with third parties; and increased awareness. In addition to adhering to ISO 26262, designing should also employ a secure boot, and device and software authentication.
Of course, there’s always one issue that has to be weighed—is the cost of keeping the vehicle safe higher than the fallout from the hack itself? The answer would seem to be an obvious one, but maybe not to the folks on the accounting side of the equation.
The bottom line is that you had better be at least one step of the hackers. They’re moving quickly, so it would behoove you to move at an even faster pace.