Smartphones make your smart cars vulnerable to cyberattacks, says a study
Those who think their vehicles become smarter as they get connected to Wi-Fi networks, will have to think again! A study warns that hackers will get more opportunities to breach vehicle systems that are connected to such networks.
The research, published in the Journal of Crime and Justice, applied a criminal justice theory to current forms of vehicle security and provided recommendations for manufacturers and owners to improve safety. Connecting your smartphone through a USB port gives a hacker backdoor access to data from both your phone and your car. Additionally, Google Android users who can download apps from unverified sites are even more at risk.
"The risk with vehicles isn't just personal data - though that is still a real concern," said Thomas Holt, Professor at Michigan State University in the US. He further stated, "Say the car is compromised and a hacker alters certain alert systems that tell a driver when tyre pressure is low so the emergency brake sensory systems don't kick in. That could lead to loss of life."
The theory Holt applied says that in order for a criminal to act three things need to come together: a motivated offender, a suitable target and a lack of guardian. In the context of vehicle security, he said that motivators and targets are clear, but the presence of a guardian was where vehicles fell short.
"Where we found holes was surprising: there's no one technically responsible for these vehicles' central computer systems," Holt said. "The automotive and equipment manufacturers need to recognise that as it stands, they serve as the guardians in the space, and the onus is on them. They need to take the lead in thinking more critically about data flows, software vendors and how to communicate security with dealerships," Holt added.
Holt explained that in a traditional automotive context, an equipment failure would lead to a recall of the vehicle to fix the problem. However, cyber security is entirely different. "It's critical to think beyond thresholds and recalls because cybersecurity isn't a recoverable problem, but rather one that requires constant system patching updates, installations and new codes written," Holt said.
"This is more complicated but needs to be an active guardian process." Similar to how smartphone manufacturers release security updates, the only way to disrupt the current problem is to have guardians that are consistently, actively updating system software, said the study.
"We need to improve the presence of software guardians and better resources; we also need to think about developing policies to protect users, vehicles and customers," Holt said.