Nothing new here, really. Certain parties have been warning about this for some years now.
Report warns of possible mass casualties from automotive cyberattacks
Eric D. Lawrence, Detroit Free Press Published 6:41 p.m. ET July 31, 2019 | Updated 5:30 p.m. ET Aug. 1, 2019
Warnings about connected vehicle vulnerabilities have been a steady drumbeat for years. Now a consumer-advocacy group is putting it in starker terms, suggesting a mass cyberattack against such vehicles could lead to Sept. 11-level casualties.
California-based Consumer Watchdog has issued a 49-page report that paints the dire picture and urges automakers to install 50-cent "kill switches" to allow vehicles to be disconnected from the Internet. The report highlights numerous widely reported instances of remote vehicle hacking, such as a 2015 demonstration involving a Jeep Cherokee left crawling along a St. Louis-area freeway.
"Millions of cars on the internet running the same software means a single exploit can affect millions of vehicles simultaneously. A hacker with only modest resources could launch a massive attack against our automotive infrastructure, potentially causing thousands of fatalities and disrupting our most critical form of transportation," the group warns.
The report highlights what it describes as the key security flaw in connected vehicles, noting that the potential vulnerability is growing because of the increasing number of such vehicles on the roads.
More: GM to hire hackers to find bugs in car computers
Security experts worked with Wired magazine to hack into and take control of a Jeep Cherokee. (Photo: Wired)
"Experts agree that connecting safety-critical components to the internet through a complex information and entertainment device is a security flaw. This design allows hackers to control a vehicle’s operations and take it over from across the internet," the report said, noting that "by 2022, no less than two-thirds of new cars on American roads will have online connections to the cars’ safety-critical system, putting them at risk of deadly hacks."
While noting that over-the-air updates — increasingly embraced by automakers — provide the ability to update software, potentially fixing bugs and making a system more secure, the feature could also open new vulnerabilities, the report said. Such over-the-air updates also provide a way to avoid notifying regulators of issues.
The report said various automakers — Tesla, Daimler, Ford, General Motors and BMW, for instance — have disclosed the cyber risks to their investors.
The National Highway Traffic Safety Administration, the agency charged with regulating vehicle safety, issued a statement on Thursday about the report:
“NHTSA is aware of the report and is reviewing it. In every public safety question, the agency relies on data, science and facts. For vehicle cybersecurity, NHTSA supports a multi-layered protection approach focused on vulnerable entry points, both wireless and wired. Manufacturers should report incidents, threats and vulnerabilities related to cybersecurity to the Automotive Information Sharing and Analysis Center."
Gloria Bergquist, a spokeswoman for the Alliance of Automobile Manufacturers, an industry trade group, suggested the report could be an attention-getting ploy, and she defended the industry's cybersecurity efforts.
"It is not unusual to see groups seeking attention right before the August cybersecurity meetings in Vegas. But today, cybersecurity is a priority to every industry using computer systems, including automobiles. Automakers know their customers care about security, and automakers are taking many protective actions, including designing vehicles from the start with security features and adding cybersecurity measures to new and redesigned models," Bergquist said, referencing an upcoming cybersecurity conference where vulnerabilities found in BMW models are scheduled to be discussed.
Bergquist highlighted various efforts to address the issues, including groups working to develop a unified international standard for automotive cybersecurity. She also said consumers have responsibilities, too.
"Cybersecurity is everyone’s responsibility, and consumers — along with automakers and their suppliers — need to be vigilant. Consumers should exercise good cyber hygiene in all they do, including properly pairing a phone to a car, deleting phone data from rental cars (if paired), and being active in doing the maintenance and updates as requested for phones and vehicles," Bergquist said.
Vehicle-to-vehicle (V2V) communication’s ability to wirelessly exchange information about the speed and position of surrounding vehicles shows great promise in helping to avoid crashes, ease traffic congestion, and improve the environment. But the greatest benefits can only be achieved when all vehicles can communicate with each other. That’s why NHTSA has been working with the automotive industry and academic institutions for more than a decade to advance V2V communication's lifesaving potential into reality.
NUMBER OF MOTOR VEHICLE CRASHES THAT COULD BE PREVENTED USING V2V TECHNOLOGY
V2V: How It Works
What is V2V communication?
Vehicle-to-vehicle (V2V) communication enables vehicles to wirelessly exchange information about their speed, location, and heading. The technology behind V2V communication allows vehicles to broadcast and receive omni-directional messages (up to 10 times per second), creating a 360-degree “awareness” of other vehicles in proximity. Vehicles equipped with appropriate software (or safety applications) can use the messages from surrounding vehicles to determine potential crash threats as they develop. The technology can then employ visual, tactile, and audible alerts—or, a combination of these alerts—to warn drivers. These alerts allow drivers the ability to take action to avoid crashes.
These V2V communication messages have a range of more than 300 meters and can detect dangers obscured by traffic, terrain, or weather. V2V communication extends and enhances currently available crash avoidance systems that use radars and cameras to detect collision threats. This new technology doesn’t just help drivers survive a crash—it helps them avoid the crash altogether.
Vehicles that could use V2V communication technology range from cars and trucks to buses and motorcycles. Even bicycles and pedestrians may one day leverage V2V communication technology to enhance their visibility to motorists. Additionally, vehicle information communicated does not identify the driver or vehicle, and technical controls are available to deter vehicle tracking and tampering with the system.
V2V communication technology can increase the performance of vehicle safety systems and help save lives. There were 6.5 million police-reported crashes in 2017, resulting in 37,133 fatalities and 2.7 million injuries. Connected vehicle technologies will provide drivers with the tools they need to anticipate potential crashes and significantly reduce the number of lives lost each year.
NHTSA IN ACTION
NHTSA is dedicated to advancing the lifesaving potential of vehicle technologies
In an effort to seriously reduce the potential for a vehicle crash on America’s roadways, the Department of Transportation issued a Notice of Proposed Rulemaking (NPRM) that would enable V2V communication technology on all new light-duty vehicles. The V2V NPRM accomplished the following:
Facts. I like that.