US Fleets Warned Lives At Risk From Connected Cars Hack

Fleet managers are being warned of potentially fatal cyber-security risks in 2020 connected car models that could expose an entire fleet to a malicious hack.

The warning was published by the US nonprofit group Consumer Watchdog, whose report finds that all of next year's top car models have internet connections to safety-critical systems that could leave them vulnerable. Imagining a worst-case scenario, the group’s experts warn that a fleet-wide hack at city rush hour could result in “a 9-11 scale catastrophe with approximately 3,000 deaths”.

Its report, Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off, claims that while automakers have alerted investors to the risks, they are hiding their concerns from the public as they market connected car services. In a statement, the group alleged, “Ford disclosed to the Securities Exchange Commission in its 10K filing that the company and its suppliers have been the subject of a malicious hack, but the public is blind to the facts”.

The group also claims its report was built on the expert knowledge of industry whistleblowers, who have remained anonymous for fear of losing their jobs. It is now recommending that every connected car be fitted with a connectivity kill switch that physically disconnects the safety-critical systems from the internet. It concludes that future designs should completely isolate safety-critical systems from infotainment systems connected to the internet or other networks.

Jamie Court, president of Consumer Watchdog, said: “Connecting safety-critical systems to the Internet is inherently dangerous design. American carmakers need to end the practice or Congress must step in to protect our transportation system and our national security.”

The group claims its main findings are:

  • Connected infotainment systems link to the vehicle’s most critical systems, such as the engine and the brakes, and the group's experts agree that this is a security flaw allowing hackers to control a vehicle’s operations and take it over;
  • Expert hackers report that time and money are the only things that stand between them and hacking a fleet of cars;
  • Without better security, it is inevitable that politically motivated hackers will exploit connected car vulnerabilities to cause maximum damage or injury;
  • The car industry’s response when vulnerabilities are exposed is to patch individual security holes and ignore the design problems that underlie them;
  • Viruses can spread using vehicle-to-vehicle (V2V) communication, while malicious Wi-Fi hotspots can infect any susceptible vehicle that passes within range. Cars can also be infected with “sleeper” malware that wakes at a given date and time, or in response to an external signal, resulting in a massive coordinated attack;
  • The group alleges that even the carmakers themselves often do not know the origins of the software they use, nor its true risks. Vehicles from many major carmakers, including Tesla, Audi, Hyundai, and Mercedes, rely heavily on software written by third parties.

— Paul Myles is a seasoned automotive journalist based in London. Follow him on Twitter @Paulmyles_


