Top Stories
Top Stories
Autos

Auto engineers warn your car might be easier to hack than you think

Key Points
  • Automakers are increasingly loading new cars with infotainment systems, self-driving features, Wi-Fi, cellular connections and more that put drivers and companies at risk
  • Some 84 percent of security professionals and auto engineers surveyed worry that automakers aren't keeping pace with the rapidly changing security threats. 
  • Some 63 percent of respondents said they test less than half of hardware, software and other technologies for vulnerabilities.
XtockImages | Getty Images

As auto makers roll out ever more sophisticated features to make your daily commute easier, the upgrades are also making your new car more vulnerable to cyberattacks, according to a new report.

"As more connected vehicles hit the roads, software vulnerabilities are becoming accessible to malicious hackers using cellular networks, Wi-Fi, and physical connections to exploit them," data protection research group the Ponemon Institute said in a report released Wednesday. "Failure to address these risks might be a costly mistake, including the impact they may have on consumer confidence, personal privacy, and brand reputation."

The institute, which surveyed auto engineers and IT professionals, said 84 percent of respondents worry that automakers aren't keeping pace with the industry's rapidly changing security threats. Automakers are loading new cars with infotainment systems, self-driving features, Wi-Fi, cellular connections and more that leave companies and consumers vulnerable to security breaches, according to the study commissioned by automotive trade group SAE International and cybersecurity firm Synopsys.

"Unauthorized remote access to the vehicle network and the potential for attackers to pivot to safety-critical systems puts at risk not just drivers' personal information but their physical safety as well," the study found.

Back in 2015, hackers took over a Jeep Cherokee in order to show how they could infiltrate the system and control steering, brakes and transmission — all from a laptop miles away. Fiat Chrysler, which makes the Jeep, issued a warning to vehicle owners to go to update their cars online, but some systems are still vulnerable.

"The industry has been slowly moving to a software-based environment, and as that's happened a lot of researchers found weaknesses and those weaknesses are now being used by various types of attackers," said Art Dahnert, automotive security practice lead with Synopsys.

The survey was sent out to over 15,000 IT professionals, product developers and automotive engineers, and a final sample consisted of 593 responses.

A majority of those surveyed said automakers don't have enough resources to combat the threats, and 62 percent of those surveyed said their organizations do not have the cybersecurity skills needed to protect themselves.

The study is one of the latest efforts to show how smart technology can make vehicles vulnerable, especially when smart cars are on the rise. The Insurance Information Institute estimates 25 percent of cars on the road in 2030 will autonomous, or self-driving. And IHS Markit estimates that connected cars will make up 65 percent of new car sales by 2020.

Symantec, for example, introduced a car security offering in 2016. BlackBerry, a longtime cell phone maker, ventured into automotive safety through BlackBerry QNX, a software focused on safety that is now in over 120 millions cars.

"The biggest thing related to security is managing the life cycle of software and managing the life cycle of security; You constantly have to manage the security on a daily basis," said Kaivan Karimi, senior vice president and co-head of BlackBerry Technology Solutions. "It's an ongoing process of securing the life cycle of the car."

Automakers are also going public with their efforts to keep their cars safe. Mitsubishi went public Jan. 21 with its latest technology to protect connected cars against increasing threats.

"Automotive companies are still building up needed cyber security skills and resources," according to the survey. "Sixty-three percent of respondents stated that they test less than half of hardware, software, and other technologies for vulnerabilities."

Dahnert said the automotive industry should work on hiring more people who understand automotive-related security issues and train employees to watch out for potential issues.

FBI's tips for keeping your vehicle safe:

  1. Keep your software up to date
  2. Exercise caution when making modifications to vehicle's software
  3. Use discretion when connecting third-party devices
  4. Be aware of who has physical access to your car