Like everything else in the forthcoming Internet of Everything era, cars, which today already rely heavily on digitized systems, are well on their way to connectivity with their surroundings. This is a welcome development. Already we have Bluetooth (radio to cellular) to help us speak hands-free while driving and GPS to keep from getting lost. In the near future, two communicative cars on a collision course could take preventative measures to avoid a crash. So the future looks bright. Our cars are essentially mobile computers on wheels, and our driving experience will be richer and safer as a result.
But there is a danger lurking, and it can’t be ignored. Think about the early days of networked computers. As long as computers were networked only with one another, there was little to threaten their security. But once computers connected to the Internet on a large scale, viruses, Trojans, and all sorts of nastiness were introduced into the world. These threats are manageable, but they do need to be managed.
Car networks are steadily reaching the level of interconnectedness computer networks reached a generation ago, and the potential for mischief is no less present.
What can go wrong? Think of it this way: anything that a computerized system can enable, a malevolent hacker with remote access can disable. Doors, brakes, ignition, acceleration, gauges, GPS readings are fair game.
Click here for a demonstration of how hackers can take control of a car’s computer systems and sabotage a drive.
To complicate matters further, most computerized car components are designed and manufactured with little regard for network security. Let’s say an electronic control unit (ECU) within the car instructs the ABS module that the anti-lock braking mechanism must be deployed immediately. Generally speaking, the ABS module can only assume that the message to deploy is from the ECU and not a rogue component impersonating the ECU; it has no way to verify if this is indeed the case. This is the state of most car networks today, and they are decidedly unsecure.
Securing the internal or external interactions of a car’s components is where Cisco comes in. Cisco is rolling out a range of products and services, collectively known as AutoGuard, that:
- Evaluate the vulnerability of a car network to hacking
- Provide mechanisms for securing a car network
- In cooperation with Original Equipment Manufacturers (OEM), design components to which security mechanisms can easily be applied
- Send over-the-air software downloads to fix software bugs in ECUs without requiring visits to a service garage, or worse, a vehicle recall
- Enable OEMs to remotely manage authentication and confidentiality for in-vehicle communication
- Provide a secured applications framework so third-party apps can integrate with a vehicle infotainment system without compromising driver safety and privacy
The networked car security industry is in its infancy, but the solutions are cutting-edge. By ramping up now to put solutions in place, the hope is that security attacks remain in the realm of theory.