Find Your Credit Union

Automotive Cyber Security: Keeping Hackers Out of Cars

By Evelyn Kanter, January 28th, 2017

Cyber security is becoming increasingly important, whether you are a politician, surfing your personal laptop or smartphone, or driving your car.

Now that vehicles are turning into computers with steering wheels and tires, hacking into them to cause accidents is a real threat. But there are real computer geeks working to prevent it.

"Attacks will get easier and more profitable unless we take steps now to make to make it harder," Justin Cappos tells me as he explains a new cyber security program called Uptane, designed to identify and kill vehicle software bugs before the bad guys can exploit them.

Cappos is an assistant professor of systems and security at New York University's Tandon School of Engineering. He's part of a team of 30-somethings working with software and vehicle manufacturers to prevent hackers from disabling your steering or brakes, locking you out of or inside your vehicle until you pay a ransom, or stealing your identity through the apps and emails you link to your vehicle's infotainment system.

NYU has partnered with the University of Michigan Transportation Research Institute on the Uptane security system, which is being offered free to any vehicle-related company. Its creators also are inviting hackers to try to break the codes, as a way of identifying flaws. What?

You may remember recent headlines when hackers broke into a 2014 Jeep Cherokee and remotely disabled it while it was driving in traffic. Those guys -- thankfully -- were cyber security researchers, and the flaws they found prompted Fiat Chrysler to fix the bugs in the software.

"We want hackers to look at what we are doing and help us find and fix issues before they impact lives," Cappos tells me. He is deadly serious (pardon the pun) when he contemplates hundreds of deaths because hackers disconnect steering or braking across a manufacturer's model line or entire model year.

Automotive cyber security also involves financial security, via the cyber version of corporate espionage. Consider these scenarios: a rental car or trucking company disables the vehicles of its competitors to put them out of business, or cyber criminals cause enough accidents in vehicles of one manufacturer that their sales and stock price drop.

Cappos explains that there are as many as 100 tiny computers in today's vehicles, from ones controlling cabin climate and the pre-tensioner in your seatbelt to the one with as many as a million lines of code driving your infotainment and navigation system. That's more than the F-22 Raptor, one of the most high-tech military aircraft in use today, according to Industrial Safety and Security Source.

They all communicate with one another, so the brakes know you've engaged cruise control, the rear-view cameras know you're backing up out of the driveway, and so on. Also, the computers communicate with external sources, like Bluetooth and GPS. Every one of those connections has hidden dangers that can occur whenever software is updated. Updates, he explains, tell hackers where the vulnerabilities are, since updates are designed to fix them.

A big problem with automotive cyber security is that vehicle manufacturers generally use the same software, from tip-of-the-tongue suppliers such as Google and Microsoft to smaller tech companies such as Docker, Fedora, Apache, and GitHub. That means hacker-prone glitches also are shared by many vehicle manufacturers.

So one of the Uptane solutions is a "dual key" security control. Think of it as similar to the nuclear launch codes, which require two operators to throw the switches, or turn the keys, simultaneously. Uptane's automotive cyber security version requires changes to codes from two different software providers at the same time, making it that much harder for hackers.

Cappos says he wants to make automotive hacking a "moving target." In the meantime, he continues to drive his beloved 1977 Chevy Corvette, a purely mechanical car model with no computers. He admits with a smile that he has a higher risk of an accident, because it has no high-tech safety systems like lane-departure warning and adaptive cruise control, but a lower risk of being hacked.

Toyota Robots: New Home Health Aid of the Future


Toyota Robots: New Home Health Aid of the Future

Building upon technology established for autonomous cars, Toyota Research Institute (TRI) is developing household robots to help people age in place, with a higher quality of life. In other words, Toyota is working on robots to help people enjoy their sunset years in their own homes.

Car's AI Gets Snippy If It Feels Disrespected


Car's AI Gets Snippy If It Feels Disrespected

While out for a drive in a new Mercedes-Benz A-Class, a friend and I were having a conversation that happened to include a number of words that sounded like "Mercedes." Programmed to audibly respond to the phrase, "Hey Mercedes," the car repeatedly interrupted our chat, asking what it could to do to help.

Growth of In-Car Delivery with Ford, GM, Honda, Volvo


Growth of In-Car Delivery with Ford, GM, Honda, Volvo

Time was, if you missed a delivery; you'd have to get into your car and go pick up the package at the carrier's distribution center.

Off Lease Vehicles

Hundreds of one owner, off-lease cars, trucks & SUVs with low mileage at a great price!

Additional Resources

Most Researched

2018 Honda Accord EX
EX 4dr Sedan
2018 Jeep Cherokee Latitude
Latitude 4dr SUV
2018 Audi A4 2.0T ultra Premium
2.0T ultra Premium 4dr Sedan
2018 Toyota RAV4 LE
LE 4dr SUV
2018 Ford F-250 Super Duty XL
4x4 XL 2dr Regular Cab 8 ft. LB Pickup