Cybersecurity In The Auto Industry: Why It Matters To YOU

Photo by Adrian N on Unsplash

Cybersecurity is now a multi-million-dollar industry and it’s likely to continue to grow indefinitely. Cybercriminals will keep looking for new ways to identify and exploit vulnerabilities in the web.

Data breaches and other security incidents have been rising for years. Now that vehicles are nearly controlled entirely by software, cybersecurity in the auto industry has become a must.

Nobody who owns a car is immune to security issues, but businesses that own and operate a vehicle fleet are especially vulnerable. Not only does such a firm have multiple potential targets, but it will require software to manage the fleet.

If that should get hacked, the software could provide cybercriminals an array of private information that enables them to pursue further attacks.

Fortunately, the top fleet management software providers integrate strong cybersecurity measures into their programs, to give fleet owners peace of mind. However, if you own a vehicle fleet, you’ll still have to be vigilant about other potential security risks.

Today’s vehicles are controlled by software

In the past, all vehicle activity was controlled by the interaction of physical elements. For example, there was a physical connection between pressure on the gas pedal and the engine. Pushing the gas pedal would pull a metal cable that linked to the vehicle’s throttle.

Today, the interaction is controlled by software. When you press on the gas pedal, electronic software instructs the throttle how much fuel to release.

Software-controlled vehicles are questionable

Although it’s not a direct security concern, when software controls a vehicle’s functions and something fails on the road, it’s nearly impossible for anyone to reconstruct the factors that led to the failure. It’s literally the same situation as when your computer crashes: You don’t really know why.

This makes it difficult for engineers to diagnose bugs in their software. In 2010, Toyota recalled 2.3 million cars because quite a few Toyota owners were getting into serious collisions when their gas pedal stuck.

Toyota asserted the issue was attributable to a “worn pedal mechanism,” but outside experts said it was more likely a software bug. Although bugs are a concern, bugs in vehicle software tend to affect fewer potential victims than a cybersecurity threat.

The cybersecurity risk to connected vehicles

Before we dive into the details of security risks that relate to software-controlled vehicles, it’s worthwhile to acknowledge that if a vehicle isn’t connected to a network, it can’t be hacked. Lacking a network connection, a hacker would have to connect to the vehicle’s software directly to obtain access.

Although this is technically possible, it would require the vehicle to be a specific target since the invader would have to know exactly how to hack into that specific vehicle’s software. Having noted that, let’s examine some of the risks to connected vehicles.

According to data published by Car and Driver, cybersecurity incidents in which vehicles are hacked have already occurred, and in rising amounts. In 2019 there were at least 150 incidents, which represents a 94% year-over-year increase since 2016.

In the same article, Car and Driver quoted the CEO of a company that performs penetration testing on vehicles, and what he had to say is shocking. His firm was able to hack into just about any car, shut down or start the engine, control the brakes, windshield wipers, and door locks, and open or close the trunk.

Not even Tesla is immune to hackers

If you presume that high-tech car manufacturers can boast of better security, think again. In August 2020, a hacker exploited a vulnerability in Tesla’s server-side mechanism and gained control of an entire fleet of cars.

Nobody is truly immune to invasion by a cybercriminal, and the more complex that software grows, the more potential bugs could exist, just waiting to be exploited.

Is it possible to avoid this threat altogether? Possibly

If you’re wondering how you could avoid becoming vulnerable to having your vehicle electronically violated, you’ll be pleased to know there is a way. Surprisingly, it would require driving an older-model car.

For now, the only way to avoid driving a vehicle that carries possible software vulnerabilities is to put yourself behind the wheel of a non-software-controlled automobile. You might have to go a little further back in time than you think, since even cars manufactured in 2005 have faced recalls for containing software bugs.

There’s probably no way to stop carmakers from producing vehicles controlled by software. This is a transformation that has been on the way for a long time, and today there’s no going back.

Eventually, all the cars on the road will be controlled by software, and older cars won’t be readily available anymore. If you want to avoid putting yourself at risk for Internet security, your best bet is to buy a car that doesn’t connect to a network . . . otherwise, be prepared to pay a specialty mechanic a lot of money to keep a vintage vehicle running (or learn to do that work yourself!).