The connected car or autonomous vehicle is the kind of fantasy image we are all likely to conjure up if we were asked to think of what lies up ahead in the future. The truth is, many vehicles are already deeply connected and autonomous vehicles are well on their way.
For instance, Ford Motor Co. has forecast that it will be offering fully driverless vehicles to the public by 2025. Ford has even entered into partnerships with the likes of Dominos to work on the disruption of pizza delivery.
While the world is awash with talk and big ideas regarding this next potentially transformational phase in driving, there are still major hurdles these projects must jump before there could be any consideration for the large scale integration of this technology onto roads in the real world.
One such hurdle is the question of cybersecurity and it is not hard to see why. Hackers are posing an ever increasing threat based on their ability to take control of IoT devices, so with the network connectivity required by an autonomous vehicle they too could be a target. Unlike with your connected hoover, a hacked connected car could pose a major risk to human life, making it a central focus area.
Because of the importance of this factor in the future of driving technology, we are setting out to help you discover just how a hacker might go about breaching the cyber defences of a connected vehicle.
By leveraging production line vulnerabilities
Attackers can leverage vulnerabilities in autonomous vehicle components before they have even left the factory in one finished piece. This is a critical stage in which security has to be tight, or else hackers can find loopholes in the complex supply chains and infiltrate.
The complexity of connected and selfdriving vehicle software is on the one hand a field day for hackers and a big challenge for manufacturers. Given that security cannot be guaranteed by anyone in the world at the present moment, a sensitive, still nascent technology is the promise land for malicious threat actors.
Combatting hackers at this vulnerable entry point for example is BlackBerry. The once leading smartphone maker has turned its hand to security, now looking to provide its Jarvis software for autonomous vehicle security. The company has specified the suitability of its technology to provide robust defence from this vulnerable point onwards.
By fooling the internal network
The internal network is the nerve centre of connected vehicles including selfdriving cars, making it an area that the many manufacturers looking to move into connected and autonomous vehicles must protect most heavily to defend against agile hackers.
This method of hacking a car is no mere theory because it has already been done in practice at the 2016 Black Hat conference. Charlie Miller and Chris Valasek were able to intercept vital correct messages being sent to a Jeep Cherokee’s internal network by sending false ones. This allowed the demonstrating hackers to cause the car to turn violently, speed up and brake.
Some other top ways a connected car could be hacked include buffer overflows, coding logic errors, hardcoded credentials, backdoors and information disclosures.
This article is from the CBROnline archive: some formatting and images may not be present.