Cybersecurity

Car software is evolving fast—and with it, threats from hackers

Car software is driving a ‘huge transformation’ in how we get around, says analyst.
article cover

Knight Rider/NBC via Giphy

4 min read

Want a car that’ll fly you around? Don’t hold your breath. A car that’ll do a little driving for you, park itself automatically, or unlock itself using your smartphone as a key? That you can get.

We’re not at Knight Rider levels of sophistication yet, but tomorrow’s cars are getting closer and closer to the vehicles of science fiction—at least as far as software features and power sources are concerned.

But as the software running the smart(ish) cars of tomorrow evolves, so too does the potential of hacks.

“The car has always been one of the second-biggest investments that people make in terms of the purchasing, behind the house,” said John Davenport, a director analyst with Gartner who specializes in the automotive industry. “There’s a huge transformation going on within the architecture of vehicles.”

Paying attention at CES. Yes, car software is changing fast. This January at CES, the tech industry’s biggest US conference, almost the entire West Hall of the Las Vegas Convention Center was taken up by cars, trucks, and other vehicles, along with their associated technology.

Software-defined vehicles are breaking boundaries on what would traditionally be considered a personal computer. Vehicles are connected to phones, and to the cloud—adding to the pressure on security systems. ETAS’s lead global product manager Omar Alshabibi told IT Brew at CES that the interconnectedness born from the explosion in software development comes with a price.

“That will continue to evolve,” Alshabibi told IT Brew. “And that will put pressure on cybersecurity.”

Elsewhere on the show floor, BlackBerry was showing off its car software capabilities. The company’s CTO, Charles Eagan, told IT Brew that he sees cybersecurity as a major factor in the automotive industry going forward, with more and more software included in vehicles. Car software, he said, is making cars more like mobile servers than embedded fixed-function systems. That comes with new threats.

“As kinetic things start to become cyberattackable, safety and security are kind of intertwined,” Eagan said.

Kinetic dangers. Those kinetic elements of the car, the physical parts of the vehicle’s operations, have specific electronic control units. One well-known example is the tech that controls a car’s anti-lock brake system.

“If we were to take a step forward, where we’re now talking about that anti-lock braking functionality being operated as an application that runs on a high-performance computer that can be updated and improved over time, it is increasing the likelihood that actually a hack of a vehicle could result in a catastrophic failure,” Davenport said. “And this is why the automotive manufacturers are really investing in cybersecurity.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Sam Curry, a staff security engineer at Yuga Labs, agrees. Curry’s work has uncovered vulnerabilities in the automotive industry’s software design that indicate that there’s work to be done to keep things safe. He told IT Brew that vulnerabilities will continue to be a part of vehicle software due to the “moving parts” in place that allow components to be controlled and run by people’s phones and other devices.

“In order to do that, it has to go through multiple servers and multiple systems,” Curry said. “At the end of the day, it’s kind of a complicated technology—so in the future, you’re going to see vulnerabilities.”

Overstated threat levels. As vehicles incorporate more and more electronics into their operating systems, there’s a corresponding increase in software—both from the manufacturer and third parties. That means a greater attack surface, something that Alshabibi told IT Brew is inevitable, even with processes in place governing the development, writing, and deployment of code.

“Mistakes do happen, right? That’s what increases demand on security,” Alshabibi said.

Not everyone sees the threat of hacks as an all-consuming danger to the automotive industry. Boston Consulting Group managing director Nadine Moore, a cybersecurity expert, told IT Brew that she sees the industry as caught in the throes of “a massive evolutionary moment” that is going to lead the industry to a place where cars are making more and more decisions for drivers. The cybersecurity risks associated with that transition are real—though not as threatening as they might seem, or have the potential to be. Hackers, after all, are after cash, not harm.

“What’s the motivation?” Moore asked. “Most hackers are in the business for financial gain. So. taking over a vehicle is a personal injury, right? That’s harming somebody probably but there’s less of a financial opportunity there.”—EH

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B