
automotive > tag this

The age of automotive hacking is here

And it will continue as we aspire to remain connected.


By Sindhu Nair

58 > QATAR TODAY >AUGUST 2015


A scene from a Hollywood flick: the antihero sits on a garden seat, jabs on his laptop and soon the protagonist's car cruising past turns off the road abruptly (as the air bag gets activated remotely) and crashes into the woods, off the path. As the hero lies unconscious, the antagonist reaches inside the car, picks up the suitcase which was a central piece of evidence and walks away casually. Welcome to the age of car hacking.
But the big news is that this is no longer a Hollywood plot. A similar, if not so vicious, scene was enacted last month by two security researchers, Charlie Miller and Chris Valasek, who can be called the good guys of the internet, during a demonstration at the Wired offices. They wirelessly hacked a Jeep Cherokee that was being driven by Andy Greenberg from Wired, taking over dashboard functions, steering, transmission and brakes.
Result: Chrysler last month announced a formal recall of 1.4 million vehicles that may be affected by a hackable software vulnerability in its Uconnect communication system. The recall involves just a rehaul or an upgrade of the software, which can even be executed by the owner himself.
But that is surely not the end of the hacked cars story. It is just the beginning of what could happen to the new-generation cars that are connected to the internet and hence potentially hackable.
Miller and Valasek remotely accessed Greenberg's Jeep Cherokee to demonstrate the potential dangers that the highly interconnected cars of the new age possess.

While this was supposed to have affected only cars in the US, what does it say about potentially hackable cars in the Middle East? What defences do cars have against these latent threats? The Jeep Cherokee dealers in Qatar, United Cars AlMana, commented that the hacking incident does not affect Middle East vehicles since it was through the satellite radio system in the US which is not activated here. How about the fact that anything that communicates with remote networks is potentially vulnerable and non-existent data security only makes a network more attractive for attackers? Think of GPS navigation, wireless locking systems and connectivity to another device. The most frightening thought is that, while the choices of connectivity that the new-gen cars offer are increasing, the same diligence is not being applied to keeping these devices safe.
Jon Allen, Principal at Booz Allen and Hamilton, believes that the Middle East customers are at equal risk: "With increased connectivity, it is natural that there are increased threats and with the customers' rising expectations for more such advanced vehicles, the risks are only going to multiply."
"Imagine the Middle Eastern passion and love for cars and connectivity and the days are numbered when the consumer here will demand more of both. There are very high chances that the full version of what we mean by connected cars will be a reality and it could even be pioneered here in the Middle East," says Allen.
With the popularity of the Internet of Things and with 4.9 billion connected things predicted to be in use in 2015, up 30% from 2014 and estimated to reach 25 billion by 2020 (figures by Gartner Inc), the possibility of its disruptive impact is a reality. The automotive sector will show the highest growth rate at 96% in 2015, says the same report. "The proliferation of IoT devices also dramatically increases the attack surface and creates attractive new targets for malicious threats," says Allen.
"The digital shift instigated by the Nexus of Forces (cloud, mobile, social and information), and boosted by IoT, threatens many existing businesses. They have no choice but to pursue IoT, like they've done with the consumerisation of IT," says Jim Tully, vice president and distinguished analyst at Gartner.

Part of the process

For Dr Hamid Menouar, who heads the Connected Cars research at Qatar Mobility Innovations Center, the Jeep hack is not surprising. "It's a highly expected turn of events as the technology is not mature yet. Connecting cars to the internet is still quite new and we are still in the phase of accumulating experience. We had similar troubles when we first started connecting phones to the internet, if you remember. Years of research and experience have helped us make the mobile phone safe and that's what will happen with our cars as well," he says. Interestingly, the news hasn't caused as much of a stir at QMIC as it has in the outside world. "For us, this doesn't affect the status of things. We consider this very normal in the cycle of a new technology. And people like the two researchers who hacked into the Jeep will help us continually find gaps in the security system. It's an integral part of the quality assurance cycle to test for and fix problems."

Two US senators have already taken note and are working on legislation. Ed Markey and Richard Blumenthal are trying to introduce new legislation that's designed to require cars sold in the US to meet certain standards against digital attacks and privacy. An investigation by Markey in February 2015 found that nearly 100% of new cars on the US market today may be vulnerable to security and privacy violations, and automakers have done little to prevent them. In order to understand the ability of automobile companies to protect the safety and privacy of drivers, letters were sent from Markey's office to 20 major automobile manufacturers with questions regarding technology, security precautions, and privacy policies. Responses were received from 16 manufacturers, while Tesla Motors, Aston Martin, and Lamborghini did not respond to the letters. Volkswagen and Audi responded with a single letter and are together treated in the findings as a single responding manufacturer. Some manufacturers (notably Hyundai and Toyota) provided detailed, question-by-question responses, while others (notably Mercedes-Benz and Porsche) wrote generic statements on their commitments to security and privacy that were non-responsive to the questions that were posed. But that does not prove that the automotive sector is not concerned. "The matter is much more complicated, the majors will not be directly aware of the malfunctions of the devices within the automotive industry," says Allen. "There is a supply chain progression within the sector which makes it very difficult to go down the levels and understand where it originates."
Allen says that the automotive industry has taken note and is already working on the issue with automakers and government, and is currently working on security systems and tests. "The National Highway Traffic Safety Administration is involved and legislation will have to be put in place but what is heartening is that the industry has agreed to share information, just as the retail and oil and natural gas industries have done, and the industry is moving to create an Auto ISAC (Information Sharing and Analysis Centre) to address information security issues, and the fact that they have decided to do so before any major hacks is an encouraging step in mitigating such threats. Another is ensuring directors and officers are appropriately educated regarding information security risks," says Allen.
He has his three-point recovery system in place that he wants the automotive industry to follow: "One is to manage the risk, and contain it. Second is to provide a framework on how to handle the risk, if and when it happens, as it does take some time to figure out how many vehicles are affected or if it is just a single threat. To understand, and then recover it. Thirdly, to go down the supply chain, however tedious that might be, and to single out the issue and clog it at that point to avoid it mounting to a bigger concern."
So as we move on to an era when your vehicle will direct you to the grocery store and remind you (as it is connected to your supercool and connected refrigerator) to pick up milk for the day, we also move on to an era where a faceless predator would be tracking this very routine and planning to intrude... Scary and true. Allen interrupts my horror rumination and says, "As the cars get connected so will there be devices to make sure that they are secure. The market for security devices within the cars will also grow as the opportunities are vast."
"Soon there will be options with which a customer can decide on the level of privacy he requires in a car," adds Allen. "He can have an option to turn the connectivity off and thereby lose capability or be connected and be a potential target."
In the end, it is not about the success or failure of technology but how it affects us. As Allen puts it, "The concept of the Internet of Things is useful but ultimately limited, because it fails to place the citizen, the consumer, the human at its centre. The Connected Society is not about how things will connect with each other; it is about how we will live

Security researchers Charlie Miller and Chris Valasek wirelessly hacked a Jeep Cherokee, taking over dashboard functions, steering, transmission and brakes. PICTURE COURTESY: WIRED
