New report suggests the DOT needs to act on Vehicle Cybersecurity
According to a Government Accountability Office report released on vehicle cybersecurity just released (report here), hackers could penetrate high-tech automotive systems using long-range attacks that target cellular connections and short-range attacks that go after Bluetooth controls. If successful, hackers would be able to access steering, brakes, telematics and other critical controls.
DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Realworld Vehicle Cybersecurity Attack
The study surveyed 32 stakeholders in the automotive industry, including eight automakers, three vehicle cybersecurity firms and seven vehicle cybersecurity researchers. A chief concern among experts was that although the National Highway Transportation Safety Administration has established a vehicle cybersecurity program, the DOT at large has not determined a response method in the case of a catastrophic vehicle hack.
Modern vehicles contain multiple interfaces—connections between the vehicle and external networks—that leave vehicle systems, including safety-critical systems, such as braking and steering, vulnerable to cyberattacks. Researchers have shown that these interfaces—if not properly secured—can be exploited through direct, physical access to a vehicle, as well as remotely through shortrange and long-range wireless channels. For example, researchers have shown that attackers could compromise vulnerabilities in the short-range wireless connections to vehicles’ Bluetooth units—which enable hands-free cell phone use—to gain access to in-vehicle networks, to take control over safety-critical functions such as the brakes.
DOT publications have indicated that a modern luxury vehicle could contain as much as 100 million lines of software code. In comparison, a Boeing 787 Dreamliner has about 6.5 million lines of software code (see fig. 2).18 According to researchers and others, the use of software in vehicles is likely to increase as more advanced vehicle technologies and connected vehicle technologies are incorporated. As the lines of software code in vehicles increases, so does the potential for software errors, such as coding errors, and related vulnerabilities.
According to NHTSA, in the context of motor vehicles, cybersecurity is the protection of automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attacks, damage, unauthorized access, or manipulation. Although no vehicle cyberattacks impacting passenger safety have been reported outside of the research environment, our previous work has shown that the sources of cyber-threats vary in terms of the types and capabilities of the actors, their willingness to act, and their motives.
If this report doesn’t scare the DOT into getting its act together nothing will! Over 60-pages of pure terror on wheels that could easily the basis of a script for the next James Bond movie (or Mad Max). As cars become smarter vehicle cybersecurity will be a growing concern!
More Here [GAO Report]