It’s both heartening and disheartening to see the recent surge in reporting on the topic of automotive cybersecurity. On one hand, the growing amount of attention given to the subject helps to ensure that car manufacturers and owners will be better prepared to deal with these threats in the coming years. At the same time, though, many of these reports are discouraging, suggesting that the automotive industry is simply not sufficiently prepared for the cyberthreats it now faces.
A good question to ask is “Why?” Why is the automotive sector so susceptible to cyberattacks? Certainly, one of the biggest reasons is simply that car manufacturers failed to take the issue of cybersecurity as seriously as they should have over the course of the past decade or so. As a result, the industry at large is now playing catch-up – never a good position to be in.
But that’s not all. There are also a number of factors unique to this sector that have made cars particularly vulnerable to hackers. Companies in this sector need to acknowledge these issues and then take preventative action – a step that should include the adoption of static code analysis tools.
A connected target
One of the biggest reasons why cars are becoming such popular targets for hackers is the interconnected nature of the vehicles and the systems they contain. Dr. Anuja Sonalker, lead scientist and program manager at research firm Battelle, emphasized that while the potential reward for hacking a single vehicle will be minor in and of itself, it can pave the way to a bigger breach.
“What hackers, we believe, are going to try to do is they are going to springboard off of a car that they can hack to get into the infrastructure, to try to get into financial institutions, to try to get into anything else where the car is a legitimate user of that system,” Sonalker explained, as CBS Detroit reported.
Writing for Lexology, Michael Overly of the law firm Foley & Lardner recently emphasized this same point.
“Carmakers, dealerships and their suppliers and vendors have developed extremely large databases of consumer information, ranging from customer preferences, to financial information, to driving statistics, to location-based data,” Overly explained. “These huge databases make tempting targets for hackers.”
And that’s not all. Overly further emphasized that modern car systems are frequently interconnected through networks that span manufacturers, dealerships, suppliers and beyond. At the same time, cars increasingly include features that depend on wireless Internet connections. All of this creates more potential access points for cyberattackers to target.
“The interconnected network of all those systems is only as strong as its weakest link,” Overly wrote. “If one system is compromised, the others may fall.”
In addition to connectivity, cars have become tempting targets for hackers thanks to the complexity of their systems. Overly noted that the software featured in typical high-end automobiles will often consist of more than 100 million lines of code. By comparison, the original space shuttle relied on only 400,000 lines of code.
With so much inherent complexity, the likelihood that a given car’s systems will include a software bug is incredibly high, and such flaws may provide vulnerabilities hackers can exploit to access the system as a whole.
All of this has several major implications. First, hackers are likely to increase their attacks on the automotive sector in the coming years, thanks to the growing value that such efforts may produce. Second, the increasing complexity of cars’ computing systems makes it difficult for companies to protect themselves from such cyberattacks.
Difficult, but fortunately not impossible. With the right tools and strategy, car manufacturers can go a long way toward fending off these threats.
Klocwork static analysis tools are essential in this capacity. Klocwork identifies potential code vulnerabilities and other problems in real time as developers work. This means that programmers can continue to focus on their project goals at maximum speed without sacrificing security – Klocwork will detect security issues automatically. Not only does this improve the reliability of a given piece of code, but it also ensures that defects are identified earlier, making them much simpler and less costly to correct.