Cars - the next-gen malware battleground

Posted by Rob Enderle

The folks at the Lifeboat Foundation have launched the AIShield project - which they say is designed to protect humankind from hostile smart products.  

In other words, Lifeboat is anticipating Skynet, the hostile computer system which created Terminators in the movie by the same name. Fortunately, or at least hopefully, such a deadly scenario appears to be quite a long way off.

Cars - the next malware battlegroundHowever, a more realistic threat is that our cars are and will likely remain vulnerable to various types of hacks. Indeed, McAfee released a report earlier this year confirming things aren’t going so well on the automotive security front.

The Problem with Smarter Cars

Future cars - perhaps even by the end of the decade - will likely be capable of avoiding accidents and self-parking. Some already alert drivers about traffic congestion, start remotely, update their maps automatically and boast integrated wireless hubs. Of course, Google has managed to program autonomous cars which have been cruising the roads for a while now, something which makes me feel really safe as  this all happened near where I live.

Essentially, just as we have seen hackers go after our PCs and smartphones (with Android being the biggest target on the mobile front), cars will likely be next. Indeed, researchers have already managed to prove that sensors in car wheels can be easily hacked

Impact

Malware can have a humorous or deadly impact for drivers. Clearly, switching our music around or sending us to the wrong location would be kind of funny, at least initially. However, such pranks could also cause a distraction when a car is stopped in front of us, and could even turn deadly if we are unknowingly sent to a dangerous part of town.

Obviously, simultaneously applying the brakes in numerous cars on the same road or freeway could result in massive shutdowns - injuring or killing a number of people. Causing cars to suddenly veer left or right would have the same effect with a photographic moment on tall bridges as the cars, in synchronous motion, sailed off of them.   

Now the car companies, to their credit, are isolating many of the new entertainment features from the rest of the car to prevent the more catastrophic of these outcomes - yet, IMHO, hey still don’t fully understand the risk. More importantly, however, even those that do can't mobilize fast enough to address the threat.

The Deadly Car Cycle

A few months back I moderated an automotive technology panel, which concluded that the biggest threat to vehicular security was the long development cycle for cars. Typically, it takes 3-5 years for a car company to go from concept to vehicle. This means that when a problem is discovered, unless there is a recall, the full fix won’t show up for at least 36 months and even then it mostly appears in new cars. 

Yes, cars can be flashed - but they don’t yet feature the capabilities to run anti-malware products, nor do they boast the equivalent of a firewall, let alone the ability to instantly update it. In fact,  car companies (currently) can’t even push out  a patch, you have to go to the dealership on a recall to have it applied for you. Essentially, the automotive technology industry is facing a 21st century threat with 20th century tools - something which has to change ASAP.