Car vulnerability in the digital age

Cars were a mechanical marvel. They were a combination of engineering breakthroughs integrated in a brilliant manner. The mechanical machines provided transportation within cities and long routes. They even got more economical over time and now most people on the planet own a car or have at least travelled in one. With the rise of technology, these mechanical machines evolved into technological instruments. Today, most cars are technology on wheels. There is not much mechanical left in them. Pressing the gas pedal does not move levers, but sends digital signals to the on-board processor. Everything from gas and break pedals, to the radio, to odometer and fuel readings is digital. There are various digital processors in the car and almost every action sends signals to different processors. These processors are similar to the ones on the computer or a smartphone. That means they are vulnerable to hackers. As we have moved to digital cars, the car makers have started hiring computer engineers and security researchers to prevent cars from being hacked. This has also given rise to car security companies that make devices to monitor cars with mobile apps and get alerts when theft occurs.

There have been advancements in hacking car technology which is enabling car thefts using high-tech hacking. Some examples include planting signal catchers in public parking garages and capturing the unique fingerprint of fobs when owners lock and unlock cars. Thieves can then use these captured fingerprints to create fake keys with the same fingerprint and use it to unlock and steal vehicles. There are also hackers that have demonstrated that they can remotely engage breaks in moving cars or prevent them from breaking, by hacking into the on-board central processor in the car. While this is not common, they have certainly demonstrated the vulnerability with technology powered cars. Even Tesla’s Model S was hacked. The attackers could perform all the function that are performed by the on-board touch display. When Tesla was notified about this, they pushed a software update to patch the vulnerability.

Traditional car makers like Ford, GM and Toyota still build cars the old way. They are manufactured, sent to the dealership, and sold. Thats the end. Customers then bring them for servicing periodically. Tesla on the other hand has made cars into a subscription service. Its like owning an iPhone, where you download a new version of iOS every year that gives you new features on your phone. All Tesla cars get periodic software updates that give them new features like AutoPilot (their assisted driving feature) and other enhancements. They plan to make their self-driving feature a subscription service as well. This makes sense as the capability relies on new data that is collected as people drive everyday and it makes the car smarter over time. This also has another advantage. Fixing security vulnerabilities with software updates. If a researcher finds a way to hack into a Tesla, the company can push a software update to patch the exploit. Traditional car makers on the other hand would have to recall the vehicle, or ask millions of customers to take them into a service station. Or they could even ignore the vulnerability and fix it in their new model for the subsequent year. Cars have transformed from mechanical marvels to technological gadgets and Tesla is the only one that is treating cars like smartphones or computers. The traditional auto makers treat their technological cars like mechanical cars, leaving them open to vulnerability.

Whenever there is a flaw, there are companies to address the gap. With traditional car makers not paying as much attention to these issues (even though they are slowly starting to), companies like Viper are building security kits that can let you control your car (lock, unlock, start engine, etc) using their app. They sell subscription services and provide alerts on theft, GPS coordinates and more. There are new companies like Viper popping up everyday that are addressing this issue. These devices cost as little as $100 and can also be self-installed if you are willing to read up the manuals and buy some tools.

While the vulnerability of cars is not a major concern today, it definitely will be one in the next few years. Imagine a bank van carrying money being hacked to break at a certain location, or a Presidential car being hacked. Even mass hacking of all cars in a city can cause chaos. This is a big security problem for the future and car makers need to start thinking and acting on this issue. Tesla has a head start on this, but all other auto makers need to rework their model of making and selling cars. Meanwhile, security companies like Viper will emerge everyday to address the future needs of car monitoring and security.