1(630)802-8605 Ravi.das@bn-inc.net

Just last week, I had to take my Honda Civic 2003 car in for some major repairs.  With its age, I had to plunk down some serious money for new front brakes, four new tires, a brand-new emission system, and eventually, a new engine oil gasket and timing belt. 

Some of my friends asked my why I just don’t get a new car altogether instead of spending all this money.  Well, the truth of the matter is, I am very attached to my car.  It really has been like the old faithful these last 10 years, and heck, even at the height of the polar vortex, the car started the first time.

But there is another reason why I have held onto my Honda.  It does not have all the fancy electronic gizmos like the modern cars do, so if there is something that goes wrong with it, the mechanic at the car shop can quickly diagnose what is wrong and fix it within a reasonable amount of time.  But with the cars of today, there are a lot of more electronic gadgets than ever before.

So, if one electronic component goes astray, there is a good chance that other electronics could fall in a cascading effect, thus resulting in more expenses.  I have even wondered as to how such a car could even start in the harshness of the Chicago weather, especially during the wintertime.  Apart from the electronic component aspect of this, most of these cars are also connected to the Internet.

In other words, think of the Siri or Cortana that you have on your iPhone and Android device, and multiply that by a scale of ten.  These cars have their own Virtual Personal Assistants (VPAs) in them and can even drive the car by itself if the driver chooses this option.  Heck, I have even seen one instance where a car owner literally just clapped his hands and his car backed out.

These have also been branded as a “Smart Car”, just like a “Smart Home”, and is a subset of the Internet of Things, in which everything is all connected.  Yes, it is advantageous, but there is a huge side effect to all of this:  The attack surface has just greatly widened for the Cyberattacker, with all these points of interconnectedness which are not secure by any means.

In fact, this fear is now starting to echo across all areas here in the United States.  For example, the  advocacy group in California just launched a report which suggest that a mass Cyberattack against such Smart Cars could have an impact as high as the 9/11 casualties, or perhaps eve greater. 

This report also states that there are millions of cars on the Internet that are running the same software packages.  This means that a single exploit by a Cyberattacker could potentially affect millions of vehicles at the same time.

Also, a Cyberattacker with only few resources can take advantage of this vulnerability in order to launch a massive attack against the United States automotive infrastructure, causing thousands of fatalities and thus, disrupting one of the most critical forms of transportation.

It is important to keep in mind here that this does not just include passenger cars, but it also includes other vehicles such as trucks, military vehicles, emergency vehicles, etc.  In other words, any type or kind of vehicle that has an Internet connection could be at grave risk.  The report also predicts that by the year 2022, more than 70% of new vehicles will have Internet based connections to the cars’ safety-critical system, putting them at risk of the Cyberattacker.

My Thoughts on This

The report has outlined some steps that the automotive industry can take in order to help prevent such a large scale Cyberattack from happening.  Here is what has been proposed:

*There should be a “kill switch” implemented in all these new cars so that it can be disconnected as quickly as possible from the Internet.

*The federal regulators here in the United States should require the automakers to publicly disclose the safety certifications, and testing methodologies that were used to create the software, thus allowing for analysis by independent testing agencies to confirm the validity of the safety features that have been installed.

*The CEO should sign a personal statement stating that they will be held personally responsible and liable for the Cybersecurity of the cars that they manufacture.

*Smart cars should not be connected to the Wide Area Network (WAN) until that is deemed to be hacker proof.

I agree with everything except for the last one.  There is no way in heck that the WAN will ever be hacker proof, if that were to happen, then we would have all our Cybersecurity problems solved.  In my opinion, the security issues that surround the Smart Car is a very tricky one to solve.  Cars with all these fancy gadgets is the wave of the future, there is no stopping that. 

Overall, people want to have that feeling of interconnectedness with everything else, and there is no stopping that either.  The automotive industry is simply responding to the needs and wants of the marketplace, and that cannot be prevented either.

But there are some steps you can take to help make sure that the probability of your new car being hijacked by a Cyberattacker is diminished as much as possible:

*When looking at a new car, keep all the safety features in mind, not just from the standpoint of the car itself, but from the electronic components that it contains;

*Ask your car dealer about the safety features of these electronic components that have been installed, especially if they have been tested and certified by an independent testing organization;

*Ask if there is a so-called Internet “Kill Switch” installed onto your car.  If one does not exist, ask about the possibilities if it can be installed;

*If after asking the above questions, you still do not feel comfortable, conduct a Google search on the car that you want to buy.  If there are negative reviews, then that should be a huge red flag to you.  If you still need more answers, then try to contact the customer service line of the car manufacturer itself – your dealer should be able to provide you the phone number.

If you still have reservations about your new car, then always explore the option of purchasing a used car that does not have so many electronic gadgets associated with it.  There is nothing wrong with that – my Honda has lasted 16 years so far, and it should last for many more years to come!

Finally, the report can be downloaded from the link below:

https://www.consumerwatchdog.org/sites/default/files/2019-07/KILL%20SWITCH%20%207-29-19.pdf