Researchers and ‘white-hat’ hackers have cyber attacks on modern cars. It is simple: identify flaws and loopholes in vehicles and fix them before malicious intent can exploit them. Cracking an automated, connected vehicle is unclear what criminals stand to gain.
Cyberattacks are based on the targets. Some may be motivated by financial gain, while political motives may drive others. Military operations have also seen cyber warfare become more common. Hacking a moving object is an obvious challenge, considering that successful cyber attacks have been carried out on stationary devices for many decades.
Experts know hackers will seize any opportunity to make money from vulnerable systems. The risk of theft, ransom, extortion or theft of personal property is real with autonomous vehicles (AVs). Chuck Bookish is Director of Automotive Business Development at Green Hills Software.
Is it worth the money?
Cyber attacks can be for many reasons, including money, terror, or just because hackers can do it. He explained that most of the time, there must be a financial incentive for people to use the resources to carry out such attacks. “There would be financial reasons to attack modern vehicles with ransomware cyber-attacks.”
Chris Urmson, Chief Executive and Founder of Aurora spoke in June at a virtual panel discussion hosted partly by AV education group PAVE. He noted that most cybercrime is about making money, but that there is not much to be made from taking control of a vehicle.
“Professional hacking does not mean fame and honor, it is about money and business. This is why the automotive domain is a desirable target,” stated Rasmus Adler (Program Manager, Autonomous Systems, Fraunhofer Institute for Experimental Software Engineering).
Although it isn’t clear whether hackers can target AVs for profit, it is not something the automotive industry should be concerned about. Many automakers offer ‘Bug Bounties’ to help researchers find vulnerabilities. This is a serious investment in cyber security. Independent penetration tests have shown flaws in everything, from infotainment systems and wireless key fobs to smartphones and OBD ports.
The Jeep Hack, which was the subject of the first legal dispute in its type, is perhaps the most well-known case. After years of pinballing through the US legal system, it was finally thrown out by a US court. However, there have been few better examples of the potential for skilled hackers.
Hold to ransom
There is money to be made by using electronic systems to steal modern vehicles– . Some believe that cars could be programmed to drive to the location of criminals. These cars can be worth up to US$40,000 each, as most of the connected and partially-automated models are located in the premium sector.
With relative ease, cyber attacks can also gain access to private data stored in vehicles. Researchers have already obtained detailed insights into travel habits, including the dates and times of each trip as well as the location of the vehicle. Researchers are now able to see how hackers could use the car’s electronic wallet to steal money from the driver.
Steve Wernikoff is a litigation partner at Detroit-headquartered law firm Honigman LLP, and previously served as a senior enforcement attorney at the Federal Trade Commission (FTC). He is now the co-leader of the firm’s Data Security and Privacy Litigation and Autonomous Vehicle Practices. He explained that hackers can get valuable data from vehicles, which may store sensitive personal information, such as data on phones that are paired with them.