The importance of cybersecurity is well-established. The importance of automotive cybersecurity? Not so much.
That's not to say that this topic hasn't received attention. In the past few months, we've seen a number of media reports and articles covering the growing risk that automotive hacking presents. For example, CBC recently ran a story about a series of hacking-based break-ins in Montreal. At the time, local officials indicated that while they'd heard rumors of similar crimes, this was the strongest evidence yet that automotive cybersecurity may have moved from the theoretical realm into the practical.
"Upcoming car models will be far more vulnerable to potential hackers, putting car owners in serious danger."
Unfortunately, this trend is accelerating. At the recent Consumer Electronics Show in Las Vegas, automotive manufacturers focused a lot of attention on the new, improved computers they will be installing in their cars in the coming years. As Vox reported, this will make upcoming models far more vulnerable to potential hackers, putting car owners in serious danger. That is why we cannot stress enough the importance of software security tools, such as static code analysis and open source scanning solutions, for the automotive industry. Not only can these tools increase the car owner safety, but they can also improve productivity for manufacturers' software development teams at the same time.
As Vox noted, cars have featured computer systems for years. Yet these have not posed much of a cybersecurity risk as they were essentially only connected to one another, with no external access points. Increasingly, though, this is ceasing to be the case. The source pointed to a 2011 study from University of California at Santa Barbara and University of Washington researchers which found at least one recent car model to be extremely open to cyberattacks, thanks to the vehicle's WiFi connection, internal diagnostic systems, music system, emergency assistance system, and more.
As Vox explained, hackers who manage to take advantage of any of these vulnerabilities could potentially gain complete control of the vehicle. Among the damage that they could cause in such a scenario, hackers could:
• Activate internal microphones to eavesdrop on conversations
• Unlock doors to enable theft
• Disable the car’s breaks or take control of the steering wheel
A growing threat
Obviously, the last of these threats is the most serious and the single greatest reason why we emphatically urge all automotive manufacturers to embrace software security solutions for any vehicle featuring advanced computer systems with external connectivity.
Vox noted that while this isn't a huge problem right now, it will become a tremendous issue in the next few years, as the CES showcase made clear. For example, the source pointed out that most car manufacturers plan to support both Android Auto and Apple CarPlay in their upcoming models, as these popular solutions allow users to use their smartphones to control car dashboard touchscreen displays – both of these programs can potentially serve as entry points for sophisticated hackers.
As noted before, automotive cybersecurity is only now becoming a real, practical issue, as opposed to a problem on the horizon. Consequently, many car manufacturers have not taking robust steps in this area as of yet.
That's not to say that no progress has been made. Speaking to Vox, Stephen Checkoway, one of the authors of the above-mentioned study, noted that "[m]anufacturers have definitely taken the issue seriously," and pointed to several organizations dedicated to this topic. And Vox also reported that General Motors recently appointed its first Chief Product Cybersecurity Officer.
"Car manufacturers need to accelerate their defensive strategies, and embedded software security tools should play a critical role in this capacity."
Ultimately, these efforts are admirable, but as of now we have not seen cybersecurity efforts keep pace with the threats facing the automotive industry. Car manufacturers need to accelerate their defensive strategies, and embedded software security tools should play a critical role in this capacity. By embracing tools like Rogue Wave's static code analysis solutions, manufacturers can ensure their developers have the means of producing error-free software with minimal risk of vulnerabilities. These tools will identify flaws early in the software creation cycle, saving development teams a great deal of time – not to mention money. Plus, by automating many of these processes, developers can instead devote their energy toward developing features and working strategically, which further improves productivity and overall effectiveness.
As car computer systems become more elaborate and accessible, automotive hacking is bound to become a bigger story. The sooner manufacturers act to eliminate these threats, the better they'll fare.
• See how automated static analysis and security standards compliance help reduce risks by watching this webinar
• Sign up for our educational series of exclusive videos, articles, and white papers geared towards making you a better automotive developer here