The Future of Car Security

Cars are not excluded from the innovations or accompanying risks of our increasingly digital world. As our vehicles incorporate new technologies, such as wireless vehicle-to-vehicle communication, we need to be aware of the new threat of car hackers.

Last year’s uptick in the theft of high-end cars, including those from BMW and Mercedes, highlights one of the problems that auto manufacturers are facing: the technologies being used to hack the cars didn’t exist when the cars were made.

In just a couple years, the car hacking technology responsible for many BMWs being absconded with went from nonexistent to mass produced. The threat isn’t limited to the rare criminal computer virtuoso. The tool that reprogrammed blank keys to spoof the original BMW keys could be bought for about $30 and used by someone with no technological know-how.

Predicting future criminal tactics can be difficult when the tools they use are evolving rapidly.

Car theft isn’t even the largest concern to automotive security researchers. As we move closer and closer to assisted-driving and even self-driving cars, a malicious hacker could take over a vehicle’s steering, brakes, or other systems while you’re driving your kids to school.

Researchers at the University of California San Diego and the University of Washington have already proven that sophisticated attacks can disable some vehicle brake systems. At this time, these threats are not widespread, because would-be attackers often need to be physically close to the vehicle, and car systems vary greatly between makes and models, reducing the potential for one-size-fits-all attacks. Standards, however, will arise along with security regulations.

Automakers, the U.S. Department of Transportation, and the National Highway Traffic Safety Administration (NHTSA) are prioritizing automotive cybersecurity. Threat modeling is being used concurrently with the development of car technology and vital systems, which necessitate higher security, are being divorced from information and entertainment systems.

Third-party organizations are also trying to head off car security threats. Last August, the nonprofit research and development organization Battelle hosted a summer camp, the CyberAuto Challenge, which brought together high school students, college students, IT researchers, Department of Defense officials, and automotive engineers to discover and predict possible cybersecurity weaknesses.

One of the largest challenges car security innovators face is getting the public to re-imagine the car as a networked computer rather than the stand-alone mechanical device you use to pick up ice cream at 2 a.m. And just as we should not shut down the internet to protect our credit cards, we should not back away from the advances being made in human conveyance. All great endeavors come with risks. We should, however, proceed with caution and continue to invest in security research and development to create a safe future. It doesn’t hurt to keep in mind the words of the BMW representative who issued a response to the spate of thefts in 2012: “There is no such thing as an unstealable car.”