Howard is my favorite automotive journalist -- she writes for the Detroit Free Press. I discussed this issue years ago in my Stealing Cars (Johns Hopkins, 2014).From her article published 1/9/2020.
No, you're not talking crazy.
The threat of regular people having their vehicles carjacked by cyberattackers is real.
Fact is, computer hackers on the other side of the world potentially could — while you’re driving — crash your navigation system, cut your brakes, disrupt your steering or remotely take control of the entire vehicle. Hackers do not need to be in close proximity; all they need is something as simple as internet connectivity. Cars have become heavily connected to the internet.
They are essentially computers on wheels.
That’s why automakers in Detroit, Germany, France, China and Japan are aggressively working to monitor technology protections in private cars, trucks and SUVs connected to the global internet to provide navigation assistance and so much more.
“The awareness of cyber security in the entire world has gone up. It’s not a secret there is an existing cyber war between the U.S. and Iran," said Moshe Shlisel, CEO of GuardKnox Cyber Technologies, based in Ramla, Israel. His company is composed of Israeli Air Force veterans who helped pioneer the cyber defense systems still deployed in their fighter jets and missile defense systems.
'National risk'
An even bigger concern is the risk to fleets of vehicles that could cripple the transportation system.
“This would be a national risk,” said Shlisel, who indicated sites of energy companies in the U.S. are also on high alert amid tension between the U.S. and Iran.
The Department of Homeland Security warned this week that the current international conflict “may result in cyber and physical attacks against the homeland and also destructive hybrid attacks by proxies against U.S. targets and interests abroad.”
The federal agency urged companies to “consider and assess” the potential for cyberattacks..
“In the past, to conduct an attack on a specific individual or vehicle, you needed a person on the ground or a tracking device to identify the target. Today, in the era of connectivity, hackers can penetrate a vehicle remotely to find its location and then execute an attack,” Schlisel said.
Now more than ever
Protecting vehicles is like running security protections on your computer non-stop, Shlisel said.
It can be frightening to someone who understands that hackers are working relentlessly from all parts of the world to penetrate our networks and create chaos, and that includes cars.
Holly Hubert, a cybersecurity expert who retired in 2017 from the FBI in Buffalo, New York, said, “Since cars now are run by computers, vulnerabilities can be patched and mitigated just like any other computer. Automotive companies are aggressive in trying to find mitigation strategy for faulty code.”
No question, cyber security experts said, the issue is top of mind now more than ever.
Incredibly, that means competitors in the automotive industry are sharing valuable information and working together on this public safety issue.
“The bad guys share this information all the time. If the good guys aren’t sharing the information, they’re going to get hit,” said Faye Francy, executive director of the nonprofit Automotive Information Sharing and Analysis Center (Auto-ISAC), which specializes in cybersecurity strategies.
“Very simply, one company’s detection is another company’s prevention,” she said.
One of the reasons the automobile industry brought Francy in to coordinate cyber security is she, too, worked in the aerospace industry. Security for cars and jets have a lot in common.
'Take this very seriously'
“There’s an awful lot going on as far as commitment to implementing cyber security,” Francy said. “As far as automakers go, they take this very seriously, as serious as they take safety. We’re in a nascent area and there’s a great deal of learning going on. We’ve made a lot of strides and there’s still more to be done.”
Remember, cyber crime experts pointed out, wireless technology controls thousands of elements in our cities and connected cars and all those areas are potential targets.
General Motors said it is intensely committed to defending against attacks.
“As vehicle connectivity continues to evolve, GM has continued to strengthen cybersecurity measures. We have a three-pillar approach which deploys defense-in-depth, monitoring and detection, and incident response capabilities to protect our customers, their vehicles and their data,” said spokesman Chad Lyons.
The company plays a leading role in Francy’s organization, analyzing intelligence and best practices for emerging risks, he said. “The industry has taken product cyber security very seriously and continues to work quickly on new standards and strategies to continue working to stay ahead of the threat.”
GM noted that the new Corvette and Cadillac CT5 actually have new cyber protections.
GM, Ford, and Fiat Chrysler executives all serve on the board of directors of Auto-ISAC.
“FCA US is deploying both hardware and software technologies to protect against cyber intrusions. But we also improve protection by partnering with others,” says Sandra Hosler, senior manager, vehicle cyber security at Fiat Chrysler.
“Open collaboration with our industry peers through the Auto-ISAC, trust and transparency with our suppliers, and cooperation with security researchers through our bug bounty program, are all critical components of our vehicle cybersecurity program," she said.
It is perhaps because Fiat Chrysler made news in 2015 when
Wired magazine wroteabout how researchers hacked a Jeep Cherokee and took control of the windshield wipers, climate system, radio and then cut power to the transmission while the vehicle was being driven by a reporter.
This particular experiment didn't damage the reputation of Jeep, experts said, it simply illustrated industry-wide vulnerability.
T.R. Reid, spokesman for Ford Motor Co., said, “Ford is constantly creating new technology that improves mobility. With that comes responsibility for making sure people and their personal information are safe. We take that very seriously.”
All a hacker needs to identify your vehicle is the computer network.
“You can’t believe how easy it is,” Shlisel said. “They can penetrate the GPS (global positioning system) and understand your location and get your internet address. You can do it remotely by just penetrating the network and do whatever you want.”
If you catch hacking, you can retrofit your car with protections device, he said during a break in activity at the Consumer Electronics Show (CES) in Las Vegas.
Companies must be on alert at all times, cyber experts said The key to safety is establishing a strong defense, monitoring carefully and being prepared for attack.