A new report just released this week by the Government Accounting Office (GAO) doesn’t do anything to console experts that are worried over cyber-security issues with the ever-increasing amount of technology on new automobiles.
The agency says while there may be some short term fixes in the works, a government-sponsored set of cyber-security standards for autos, up to and including autonomous self-driving vehicles, won’t be available until 2018 at the very least.
Meanwhile, the GAO noted that the latest vehicles on the road today contain a number of interfaces, connections between your car and an external network, and that leaves the autos vulnerable to hacking. The vulnerability of these systems is not limited to cell phone and texting applications, but include safety-critical systems like your braking and steering components.
“Researchers have shown that these interfaces—if not properly secured—can be exploited through direct, physical access to a vehicle, as well as remotely through short-range and long-range wireless channels,” said the report. “For example, researchers have shown that attackers could compromise vulnerabilities in the short-range wireless connections to vehicles’ Bluetooth units—which enable hands-free cell phone use—to gain access to in-vehicle networks, to take control over safety-critical functions such as the brakes.”
One of the most alarming issues is the fact that the technology for making the vehicles secure cannot be retro-fitted into existing autos, according to the report. The technology must be installed during the design and production of the automobiles, and many experts are saying that is at least five years down the road.
Even the autos’ diagnostic port, used by dealers and repair shops to access the vehicle’s computer system to initiate maintenance and repairs, and emissions compliance, has the potential for being used by hackers, said many of the stakeholder with which the GAO spoke to gather their information.
The report also said the majority of industry experts would like to see a separation of the safety-critical networks from the non-safety-critical systems on board, with a limit to communication between the two. The realize however that a complete separation may not be practical.
Department of Transportation publications have noted that a vehicle today could contain up to 100 million lines of computer code, according to a report on networkworld.com, and it is likely to increase as more technologies and applications become available. Along with the increase in code comes the likelihood that coding errors will increase as well, possibly leading to additional vulnerabilities and safety concerns.
The agency reported that 26 of the 32 industry stakeholders they interviewed expressed concerns that real-world cyber-security attacks could occur in the near future, and they worry such attacks could have serious safety implications. They add, however, at this time, cyber attacks are quite difficult due to the amount of time and the expertise involved to pull off such an attack, and so far, no attacks have been reported in a real-world environment.