Photo: Kaspersky
The smarter our cars are becoming, the more exposed there are to cyberattacks, and drivers in the United Kingdom could figure out this the hard way, security experts warn.
The British Department for Transport wants automated lane keeping systems, or ALKS, to become standard equipment on new cars sold from 2021, and while this is considered by many a welcome safety upgrade, security researchers warn of new risks that such a decision could create.
ALKS implementations are powered by dedicated software running on the ECU, and a malicious actor that could get access to this code could eventually be able to control the car.
Antony Edwards, COO at intelligent automation firm Eggplant, has already warned the United Kingdom government of the security risks of making ALKS mandatory equipment of new cars.
“It is extremely important that this type of technology is constantly tested to detect errors and anomalies in the software. Autonomous driving opens up new opportunities but also risks. Ensuring driver and vehicle safety will always be a top priority. But in-vehicle technology also presents the challenge to protect drivers’ personal data from getting into the wrong hands. Securing systems against hackers and effectively securing the systems against cyber attacks is another facet that needs to be addressed,” he said in an interview.
But more specifically, how could an automated lane keeping system make your car prone to hacking?
There are two ways a cybercriminal could access the system: remotely and physically.
Most often, a remote hack requires access to the car from outside the system, in which case the vehicle must be connected in one way or another to the Internet. For example, one way to hijack a car could be through a companion mobile app that’s installed on a smartphone and which doesn’t properly encrypt communications, thus allowing a malicious actor to intercept the data and find a way to get inside the car.
Once they do that, they could eventually hijack other features and compromise systems like ALKS.
A physical attack is obviously a lot more difficult because someone with such a goal needs to get inside the car and connect to the ECU. Of course, the likelihood of such a hack to happen is much lower, but on the other hand, exploiting a vulnerable system with physical access to the software is actually a lot faster because it doesn’t require finding an alternative way to compromise the system.
At this point, it’s all about to ALKS developers to make sure that everything is properly protected, but without a doubt, more software in a car means more interest from hackers across the world too.
ALKS implementations are powered by dedicated software running on the ECU, and a malicious actor that could get access to this code could eventually be able to control the car.
Antony Edwards, COO at intelligent automation firm Eggplant, has already warned the United Kingdom government of the security risks of making ALKS mandatory equipment of new cars.
“It is extremely important that this type of technology is constantly tested to detect errors and anomalies in the software. Autonomous driving opens up new opportunities but also risks. Ensuring driver and vehicle safety will always be a top priority. But in-vehicle technology also presents the challenge to protect drivers’ personal data from getting into the wrong hands. Securing systems against hackers and effectively securing the systems against cyber attacks is another facet that needs to be addressed,” he said in an interview.
But more specifically, how could an automated lane keeping system make your car prone to hacking?
There are two ways a cybercriminal could access the system: remotely and physically.
Most often, a remote hack requires access to the car from outside the system, in which case the vehicle must be connected in one way or another to the Internet. For example, one way to hijack a car could be through a companion mobile app that’s installed on a smartphone and which doesn’t properly encrypt communications, thus allowing a malicious actor to intercept the data and find a way to get inside the car.
Once they do that, they could eventually hijack other features and compromise systems like ALKS.
A physical attack is obviously a lot more difficult because someone with such a goal needs to get inside the car and connect to the ECU. Of course, the likelihood of such a hack to happen is much lower, but on the other hand, exploiting a vulnerable system with physical access to the software is actually a lot faster because it doesn’t require finding an alternative way to compromise the system.
At this point, it’s all about to ALKS developers to make sure that everything is properly protected, but without a doubt, more software in a car means more interest from hackers across the world too.
Google News