With more and more computer interfaces and internet connectivity, cars are getting progressively more connected and smarter. But this comes with a counter effect of its own – the larger risk of getting hacked.
Cars with automated features, such as self-driving cars are at higher risk of being hacked than the semi-autonomous cars, which could put passengers’ lives in danger. A self-driven vehicle is almost completely data dependent for maps and obstacles detection information, which means that tighter protocols have to be put in order to protect the safety of riders.
While we are still waiting for the fully autonomous cars to happen, their semi-cousins are already on the market, including Nissan Leaf and Tesla Model 3. The problem with these is in their outdated technology which is an easy target for hackers to attack. The Nissan Leaf, for example, uses the Infineon chip to manage the onboard radios, the same chip that is found in the first ever version of Apple iPhone, which makes it incredibly easy to hack. It has been proven so in a research paper called Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks. The paper has been authored by Ralf-Philipp Weinmann, a postdoctoral researcher at the University of Luxembourg.
At this year’s Def Con, which is a hacker conference held in Las Vegas between July 27 and July 30, researchers from McAfee, the security firm, have warned that the chip could have an alternative use for sending ransomware to the cars.
Now, it is important to note that the hack could be prevented by installing software updates that carmakers make, but users have to install all of the updates, which is sometimes unrealistic of users to expect. Moreover, software updates cannot essentially get all the vulnerabilities out as it happens with devices such as smartphones and personal computers.
Because smartphones and similar devices use multiple chipsets, they are less likely to get hacked into, while the connected cars have only one chip. This could escalate even more when it comes to self-driven cars.
You see, all automotive companies work on a supply chain mechanism to manufacture the vehicles. And when it comes to self-driven cars, the companies would have to import multiple chipsets and compatible hardware. This would require new supply chain mechanisms to be developed to check quality and user protection.
While the technology is going full speed and expanding more and more, the government is struggling to catch up and figure out the security protocols and guidelines for the new car systems. Self-driven cars should hit the roads in 2021, but we still have no idea how to secure them or the security protocols should work.
To add salt to the wound, in a case of an injury in an accident or a hack, nobody is really sure who should be held accountable, the driver or the car itself. Besides, another issue is location tracking. Since the information about the rider’s location would be remotely available, an attached system could leak out the data putting the rider at risk.