Sometime over the next few weeks, California battery carmaker Tesla Motors plans to ask a select group of owners to begin testing its latest vehicle-operating software. Dubbed version 7.0, it will include a beta version of Tesla’s new Pilot system, which will offer the ability to drive on the highway hands-free.
As with previous updates for the Model S sedan, Tesla will upload the software wirelessly, rather than requiring owners to visit its showrooms. It’s an approach many other automakers are expected to adopt in the coming years, but one that raises serious concerns among experts who say it could entice hackers to shift their focus from computers to cars.
The risk was highlighted this week when hackers gained access to a 2014 Jeep Cherokee driven by a reporter for Wired magazine. According to his account, they turned on the Jeep’s windshield wipers, shut the engine down while it was being driven down the highway, took control of the steering wheel and then disabled its brakes, sending it into a ditch.
It may have been an attention-getting stunt, but Egil Juliussen, a senior analyst and research director with IHS Automotive, said that it provided an important wakeup call for vehicle manufacturers.
“Five years ago, the auto industry did not consider cyber-security as a near-term problem,” he said. “For the auto industry, this is a very important event and shows that cyber-security protection is needed even sooner than previously planned.”
New Technologies Abound
There are several reasons why cyber-security is becoming such a critical issue so quickly. For one thing, automakers are adding new technologies to their vehicles at a prodigious pace, everything from radar-controlled collision warning to advanced infotainment systems. They’re also opening up a number of new channels into the vehicle, noted Saar Dickman, CEO of TowerSec, an Israeli-based firm developing automotive security technology.
While Dickman wouldn’t discuss specific ways hackers might target a vehicle, other experts point to the new 4G LTE systems offering cellular connectivity that Chevrolet, Audi, Chrysler and other manufacturers are adding. Then there are channels normally open to satellite radio broadcasts that could be hacked. Even the tire pressure monitoring systems now required for all new cars potentially could be used to gain entry into a car’s complex computer network.
“You want to embrace innovation, but you have to understand the risks that come with it.”
Meanwhile, federal regulators are studying plans to require future vehicles be capable of wirelessly linking up to both car-to-car and car-to-infrastructure communications networks that would offer advisories on traffic conditions, weather and crashes.
“You’re providing more services and more access,” said Dickman. “You want to embrace innovation, but you have to understand the risks that come with it.”
If vehicle security followed the conventional path, motorists would have to sign up for anti-spam and anti-virus software similar to on their desktops, laptops, and even tablets and smartphones. But as recent hack attacks on online retailers like Target and even seemingly “hardened” systems like the Pentagon have shown, that approach is less and less effective.
The automobile is particular vulnerable because of both the amount of hardware and software onboard. Even an entry-level vehicle might have dozens of microprocessors. And more complex models often rely on over 100 million lines of code – more than is used in a modern jumbo jet or even the latest fighter aircraft, experts say.
Several alternative security systems are under development. The Battelle Center for Advanced Vehicle Environments has developed a concept called NEM – short for a Network Enforcement Module. It takes a snapshot of what things are supposed to look like from a software standpoint when the vehicle is just rolling off the assembly line. If, suddenly, there’s an anomaly, the car wants to veer left when you’re steering to the right, for example, a NEM would recognize an inadvertent system failure or the possibility the vehicle was hacked and immediately switch to a backup program.
While Dickman wouldn’t discuss specifics of TowerSec’s EcuShield system, it likewise is meant to recognize potential anomalies and block hackers from making changes to a vehicle’s software. The company has been developing the product, would add about $10 to the cost of a typical vehicle, over several years and hopes to begin production soon, Dickman said.
During a visit to Detroit early this week, National Highway Traffic Safety Administration chief Mark Rosekind stressed the potential benefits of new technologies like collision warning and autonomous driving, which hold the promise of sharply reducing the number of deaths that occur each year on U.S. roads.
“This technology has a huge potential for the future,” he said.
But he quickly added that the auto industry must make sure that hackers aren’t able to access tomorrow’s vehicles the way they’ve cracked open so many home computers and business servers. Otherwise, the consequences, experts agree, could be catastrophic.
More from The Detroit Bureau