Automotive cybersecurity is a problem. Or, more precisely, the lack of this security is the issue. As is becoming increasingly clear, today’s cars are extremely susceptible to cyberattacks, and the situation appears poised to get even worse in the near future. Car manufacturers may be slowly realizing the extent of this danger, but they do not seem fully ready or able to combat the problem.
“The suit highlights the legal risks of highly connected but insufficiently protected automobiles.”
This is likely due to the fact that there has been little in the way of direct incentives to encourage car companies to make cybersecurity a priority. However, a new class action lawsuit – the first of its kind – may change the situation dramatically. The suit, targeting Toyota, Ford and General Motors, puts into stark relief the legal risks that can accompany the rise of highly connected but insufficiently protected automobiles. With this danger in mind, the need for effective cybersecurity tools, such as Klocwork static analysis solutions, becomes undeniable.
Accusations of “known defects”
The class action lawsuit alleges that these automakers sold vehicles featuring “known defects” – specifically, defects that make the cars vulnerable to cyberattackers.
“We shouldn’t need to wait for a hacker or terrorist to prove exactly how dangerous this is before requiring carmakers to fix the defect,” said Marc Stanley, the attorney who filed the suit. “Just as Honda has been forced to recall cars to repair potentially deadly airbags, Toyota, Ford and GM should be required to recall cars with these dangerous electronic systems.”
In a press release announcing the lawsuit, Stanley cited a 2013 study from the Defense Advanced Research Projects Agency and Sen. Ed Markey’s (D-Mass) report “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk.” Both of these sources revealed serious cybersecurity defects present in a range of automobiles.
Helene Cahen, a Toyota owner and the leading plaintiff in the suit, highlighted the car company’s lack of transparency as a motivating factor for the legal action.
“It’s scary to know you could be driving down the highway and a hacker could seize control of your car.” said Cahen. “Toyota never mentions this risk when extolling its technology to sell you the car.”
Writing for Forbes, industry expert Doug Newcomb asserted that the lawsuit may not have much merit, as it is impossible to create a completely hack-proof connected car. However, he also noted that the legal action may have “a chilling effect” on the development of connected car technology.
Yet such an outcome is unlikely. At the most recent Consumer Electronic Show, held in Las Vegas in January, car manufacturers showed off many of their upcoming models, and it became clear that the industry was moving quickly toward greater connectivity. As Vox reported, most of the automotive companies will support Android Audio and Apple Carplay in their new models, allowing users to control their dashboards via their smartphones. This, along with the rise of Wi-Fi capabilities, demonstrates clearly that there is major demand among car shoppers for connected cars. It will take more than the simple filing of a class action law suit to stop manufacturers from responding to this demand.
At the same time, though, all of this goes to show that future cars will likely be even more susceptible to hacking attempts than they are today. As such, more lawsuits are probable unless manufacturers take immediate action to ward off cyberthreats.
Klocwork static analysis tools can play a powerful role in this capacity. Klocwork examines developers’ code as it is created, identifying and highlighted potential flaws and mistakes. This allows the developers to produce much more reliable, hacker-proof applications, which in turn creates more secure car computer systems.