Find Your Credit Union

Automotive Cyber Security: Keeping Hackers Out of Cars

By Evelyn Kanter, January 28th, 2017

Cyber security is becoming increasingly important, whether you are a politician, surfing your personal laptop or smartphone, or driving your car.

Now that vehicles are turning into computers with steering wheels and tires, hacking into them to cause accidents is a real threat. But there are real computer geeks working to prevent it.

"Attacks will get easier and more profitable unless we take steps now to make to make it harder," Justin Cappos tells me as he explains a new cyber security program called Uptane, designed to identify and kill vehicle software bugs before the bad guys can exploit them.

Cappos is an assistant professor of systems and security at New York University's Tandon School of Engineering. He's part of a team of 30-somethings working with software and vehicle manufacturers to prevent hackers from disabling your steering or brakes, locking you out of or inside your vehicle until you pay a ransom, or stealing your identity through the apps and emails you link to your vehicle's infotainment system.

NYU has partnered with the University of Michigan Transportation Research Institute on the Uptane security system, which is being offered free to any vehicle-related company. Its creators also are inviting hackers to try to break the codes, as a way of identifying flaws. What?

You may remember recent headlines when hackers broke into a 2014 Jeep Cherokee and remotely disabled it while it was driving in traffic. Those guys -- thankfully -- were cyber security researchers, and the flaws they found prompted Fiat Chrysler to fix the bugs in the software.

"We want hackers to look at what we are doing and help us find and fix issues before they impact lives," Cappos tells me. He is deadly serious (pardon the pun) when he contemplates hundreds of deaths because hackers disconnect steering or braking across a manufacturer's model line or entire model year.

Automotive cyber security also involves financial security, via the cyber version of corporate espionage. Consider these scenarios: a rental car or trucking company disables the vehicles of its competitors to put them out of business, or cyber criminals cause enough accidents in vehicles of one manufacturer that their sales and stock price drop.

Cappos explains that there are as many as 100 tiny computers in today's vehicles, from ones controlling cabin climate and the pre-tensioner in your seatbelt to the one with as many as a million lines of code driving your infotainment and navigation system. That's more than the F-22 Raptor, one of the most high-tech military aircraft in use today, according to Industrial Safety and Security Source.

They all communicate with one another, so the brakes know you've engaged cruise control, the rear-view cameras know you're backing up out of the driveway, and so on. Also, the computers communicate with external sources, like Bluetooth and GPS. Every one of those connections has hidden dangers that can occur whenever software is updated. Updates, he explains, tell hackers where the vulnerabilities are, since updates are designed to fix them.

A big problem with automotive cyber security is that vehicle manufacturers generally use the same software, from tip-of-the-tongue suppliers such as Google and Microsoft to smaller tech companies such as Docker, Fedora, Apache, and GitHub. That means hacker-prone glitches also are shared by many vehicle manufacturers.

So one of the Uptane solutions is a "dual key" security control. Think of it as similar to the nuclear launch codes, which require two operators to throw the switches, or turn the keys, simultaneously. Uptane's automotive cyber security version requires changes to codes from two different software providers at the same time, making it that much harder for hackers.

Cappos says he wants to make automotive hacking a "moving target." In the meantime, he continues to drive his beloved 1977 Chevy Corvette, a purely mechanical car model with no computers. He admits with a smile that he has a higher risk of an accident, because it has no high-tech safety systems like lane-departure warning and adaptive cruise control, but a lower risk of being hacked.

COVID-19: Online, Contactless Car Buying

04/04

COVID-19: Online, Contactless Car Buying

Giving new meaning to the phrase "going viral," the COVID-19 pandemic has sidelined the car business. In an effort to counter the effects of the disease on the industry, manufacturers are offering zero-percent loans, payment deferrals, and other forms of financial assistance.

Tech-Driven Fast Laps: Tesla Track Package

03/21

Tech-Driven Fast Laps: Tesla Track Package

It's time to update your database if the thought of running a Tesla on a racetrack fails to compute for you. While performing that download, you might also want to recall Tesla gleefully presented the "Ludicrous Mode" to the world back in 2015. Introduced for the brand's flagship Model S sedan, this power setting gave Tesla's large four-door the ability to accelerate from 0-to-60 mph in an astonishing 2.8 seconds.

Hummer Electric Truck: Fall 2021

02/15

Hummer Electric Truck: Fall 2021

General Motors is preparing for a quiet revolution with the reinvention of one of its most imposing vehicles -- the Hummer. Expected to come to market in the fall of 2021, the GMC Hummer Electric Vehicle pairs capability with zero emissions.

Off Lease Vehicles

Hundreds of one owner, off-lease cars, trucks & SUVs with low mileage at a great price!

Additional Resources

Most Researched

2020 Honda Accord EX
EX 4dr Sedan
2020 Jeep Cherokee Limited
4x4 Limited 4dr SUV
2019 Audi A4 2.0T quattro Premium
AWD 2.0T quattro Premium 4dr Sedan
2020 Toyota RAV4 Limited
AWD Limited 4dr SUV
2020 Ford F-150 Lariat
4x4 Lariat 4dr SuperCab 8 ft. LB