Over-the-air updates, software or data delivered wirelessly to cars, pose the greatest risk to automakers amid a growing number of cybersecurity concerns as vehicles become more connected, experts said.
Some automakers use over-the-air updates for noncritical updates to the car, including improving navigation maps or infotainment features. Tesla Inc. utilizes wireless updates for safety systems or fixes, while General Motors Co. and Ford Motor Co. have said they intend to adopt major over-the-air updates soon. Autonomous vehicles could also utilize such updates in the future, which could complicate the path to full adoption of self-driving cars, according to experts.
The road to widespread autonomous vehicle usage has been slow to take off as the industry works through safety and regulation concerns, including cybersecurity risks that can change how a connected car responds to its environment or what it does with the information it collects. Hacking into a self-driving car could cause small to major disturbances affecting other cars in its path, including gridlock or crashes. However, any connected car — with services connected to the internet that can share data — is at risk for cyberattacks, experts said.
While the industry has yet to report any major cyberattacks or breaches, experts say risks to automakers and consumers remain.
There are many vulnerable entry points in newer vehicles that consumers normally do not think about, including the telematics unit connected to the navigation system, the radio display and even the tire pressure monitoring system, said Justin Cappos, a computer science and engineering professor at New York University.
"In general, the biggest risk and biggest concern is going to be attackers that are able to cause vehicles to behave in ways that could cause serious damage and loss of life," he said.
Wireless updates allow automakers to wirelessly send software updates to the vehicle without needing to bring it into the dealer. Tesla has been the only automaker to use over-the-air updates to add major features or fixes to their cars, but both GM and Ford said their vehicles will have the capability for wireless updates beginning this year.
GM's new digital platform will enable such updates over the next four years, starting with the 2020 Cadillac CT5 sedan. Ford said it will start equipping most of its redesigned vehicles in the U.S. with wireless technology in 2020.
Art Dahnert, automotive practice lead with electronic design automation company Synopsys, said over-the-air updates are the most challenging cybersecurity problem.
"A compromise in this system could allow an attacker to install malicious programs or subvert existing applications with their own, which may allow for ransom attacks or even vehicle control," he said. "This could lead to a series of disabled vehicles or even crashes."
A failed security system could allow the vehicle, and individuals within it, to be tracked in real-time, he said, or fool other vehicles and infrastructure into thinking a vehicle is not where it says it is.
Automakers can dedicate more time and money to implementing security during the development cycle while demanding suppliers do the same. Car companies can also team up with security industry leaders to learn how to integrate best practices, including security design reviews and threat modeling during the design phase, Dahnert said.
Security is a key reason why more automakers had not adopted wireless updates, Credit Suisse analyst Dan Levy said.
"You can imagine all the more so as you start to ramp into more pure autonomous usage," Levy said during a Nov. 26 mobility event. "That security is one of the many technical angles that needs to be solved."
Autonomous vehicles, including those by GM's self-driving unit Cruise, use sensors to tell the car about its surroundings.
Source: General Motors
What can automakers do?
Automakers need a sturdy but not perfect security architecture to defend against cyberattacks, Cappos said.
"They need architectures that don't require them to be perfect in the way they do everything operationally," he said, adding that the architecture should not have one single point of failure that one hacker can bypass. Instead, there should be multiple points designed to stop an attacker.
A hacker could change the control code onboard the vehicle or try to feed the sensors wrong information, according to Houssam Abbas, assistant professor of electrical and computer engineering at Oregon State University.
"The cost and practicality of various attacks vary, and this is something people are studying," said Abbas, whose research focuses on detecting the most damaging attacks to critical entry points in autonomous vehicles and how to design onboard defenses.
Cyberattackers and defenders of such attacks will continue to outwit each other, he said, which is why Abbas suggests approaching these security problems in a way that "replicates and parallels the design process, based on formal methods."
For example, when a component is designed, he said, the correct functionality of the component must include that it is immune to attacks.
"It is well-known that bolting on security features after the fact often fails to achieve its objectives because by then the system is too complex to reason about, whether by people or machines," he said.
Jeff Massimilla, GM's vice president of global cybersecurity, said the goal with any connected vehicle is to prevent unauthorized access to the consumer, whether it involves accessing data collected by an automaker or physically changing the functions of the car.
GM, for example, collects data with customers who use its OnStar service, which offers in-vehicle security, emergency services and navigation. Massimilla said consumers can opt out of data collection, but for those who opt in, GM can detect if the data is being pulled by a "bad actor" and respond to it quickly.
"A single point of security is a really bad idea, multiple layers of security is a great idea," Massimilla said. "I won't get too technical, but we just launched our secure digital vehicle platform that is kind of the future of our company from connectivity and autonomy."
The Detroit-based automaker debuted the platform in May 2019 on the 2020 Cadillac CT5 luxury sedan but plans to roll it out to most GM vehicles by 2023. The platform adds faster data processing power and will allow over-the-air software updates.