Automotive hacking: It’s a topic we’ve covered on more than one occasion, and one that will undoubtedly return again. Why? Because the threat of automotive hacking is no longer a theoretical concern for the future – increasingly, it’s becoming a real and present danger, one that auto manufacturers are unfortunately not prepared to meet.
The latest evidence of automotive hacking’s growing seriousness could be found at the recent CyberAuto Challenge. Organized by nonprofit research and development firm Battelle, this annual event brings together professionals and students to discuss and explore the realm of automotive cybersecurity. And at the most recent camp for students, a teenager managed to shock the experts by successfully hacking a vehicle, using only a handful of homemade equipment.
As impressive as this young man’s accomplishment was, the real takeaway from this incident is that many cars are woefully vulnerable to potential cyberattacks. To overcome this issue, auto manufacturers need to embrace static code analysis tools like Klocwork, as these solutions are essential for eliminating flaws before they’re checked into the build.
“All of the hacker’s equipment was purchased from Radio Shack for about $15.”
A disconcerting achievement
The CyberAuto Challenge’s organizers have not released much information about the camper responsible for the hack. What is known is that he is only 14 years old and he accomplished his feat with minimal equipment, including a transmitter and circuit board – all purchased from RadioShack for about $15.
“He had an idea about using a wireless transmitter to connect to the car and talk with the vehicle over the CAN bus,” explained Dr. Anuja Sonalker, lead scientist for Battelle’s cyber auto group, Jalopnik reported.
Using these tools, the student managed to gain control of his targeted vehicle wirelessly. He activated the windshield wipers, unlocked the car doors and even set the car’s lights to flash on and off to the beat of a song from his iPhone, TechWorm reported.
According to Sonalker, the hacker was not familiar with the car’s architectures at all, and was able to infiltrate the vehicle’s systems simply by using “script-kiddy” techniques, the source reported.
“It was a pivot moment,” said Sonalker, according to TechWorm. “For the automakers participating, they realized, ‘Huh, the barrier to entry was far lower than we thought.'”
Dr. Andrew Brown, Delphi’s chief technologist, agreed that this successful hack was a major moment for all attendees.
“Witnessing a kid who isn’t even old enough to drive hack into vehicle was a real eye-opener for us,” said Brown, Jalopnik reported.
While Sonalker and Brown are correct in their assessments, their reactions also highlight just how serious this problem is for the automotive manufacturing industry as a whole. Obviously, no car system should hackable by an inexperienced teenager using a small supply of spare parts. But just as importantly, car makers should be well-aware that this is the case. The fact that this development was so shocking shows not only that these companies are underprepared, but also that they don’t truly know how secure – or insecure – their systems are.
This speaks to a broader issue that automotive manufacturers need to face. In many cases, application developers face the task of producing new, improved features on-time and under budget. With this much pressure to deliver, security can unfortunately fall by the wayside. Developers simply do not have the time or resources they need to address these concerns – until it’s too late.
Static code analysis tools, like Klocwork, address this issue by providing real-time flaw detection as developer’s are writing code. A developer who writes potentially problematic code will receive an immediate alert, explaining the vulnerability and where it lies, as well as possible suggestions for avoiding the issue. This allows developers to hit their targets, including deadlines, while simultaneously ensuring a higher degree of security and reliability.
While the threat of automotive is clearly real and growing, our tools can help car companies to shore up their cybersecurity defenses – a necessity in this evolving sector.
• Watch this webinar to learn five ways to create more secure code
• Read this white paper to learn three steps to identify critical coding errors, functional safety issues, and protect your software against attack