Feature Articles

Are we ready for connected cars?

By Kenny Yeo - 14 Dec 2015

Are we ready for connected cars?

The modern automobile is incredibly smart. New BMW models can even perform diagnostics on themselves without needing to go to the workshop. 

In today’s fast pace and increasingly connected world, we demand everything to be online. The first to go online were our computers, then our phones, and now it seems that there’s a connected version of everything. If you look around, you can even find a smart flower pot that connects to the web to learn when is the best time to water plants. And since research tells us that we are spending more time stuck in our cars than ever, it makes sense to have cars with online connectivity for entertainment and all sorts of other nifty features.

Online connectivity in cars opens up a whole new world of possibilities and features. On the most basic level, cars that can connect to the Internet can have a much wider selection of entertainment options, through music streaming apps or online radio stations. On a more advanced level, some connected cars are able to quickly alert emergency services should an accident occur. They can even transmit preliminary accident reports and notify relevant specialists about the type of accident and what kind of help needs to be rendered.

Needless to say, such connected cars are make day-to-day living more pleasant and are also safer to drive. However, being connected brings about a set of new problems for cars. The Internet can be a wild place and security is a key concern especially in face of the recent spate of high profile security breaches and hacks.

The issue of security and hacking got thrown into the spotlight after Sony Pictures' massive hack last year.

Just last year, Sony Picture was hacked by a group who demanded that Sony cancel the release of the film The Interview, a comedy about the assassination of North Korean leader Kim Jong-Un. This eventually led to the leak of films including Fury, Annie and Mr. Turner, and also emails involving Sony Picture executives and actors. The hackers also claimed to have made up with over 100TB of internal files and documents, and also customer passwords, employee details and more. It was one of the worst hacks in history.

But now that cars are becoming increasingly connected, the past few months saw reports of cars being hacked as well. In late July, a report surfaced that documented how a Jeep Cherokee could be hacked. Seated miles away in their apartments, the pair of hackers, Charlie Miller and Chris Valasek, sent commands to a test vehicle - a 2014 Jeep Cherokee - to demonstrate a program they developed that would allow them to remotely control the vehicle. In a video demonstrating their hack, they fiddled with the air-conditioning, blasted the in-car entertainment system and also turned on the wipers, all while seated miles away from the car in the comfort of their home. On a more serious note, they also showed that they could control the car’s steering, kill the engine, and even disable the brakes.

 The 2014 Jeep Cherokee.

Not long after, researchers at the University of California in San Diego also demonstrated how they could remotely hack a 2013 Chevrolet Corvette via a connected insurance dongle. This dongle was designed to be used by insurance companies and trucking fleets to monitor vehicle’s location, speed and efficiency. The researchers found that by sending SMS messages to these dongles, they could transmit commands to the car’s CAN bus and remotely control the car. The CAN bus is an internal network that is used to control the car’s physical driving components. Stefan Savage, the computer security professor who led the project at the university, gave a damning verdict about his findings and said that these dongles provided multiple ways in which hackers can use to remotely control just about anything on vehicles. 

Ever since the first Model T rolled out from the Ford Factories, automakers have been obsessed with security, but of a different kind. Thanks to inventions like the seat belt, air bags, anti-lock brakes, crumple zones and side impact beams, cars have never been safer than they are today. A recent test showed that in a head-on a collision at similar speeds, a Renault Modus supermini with a 5-star NCAP rating will actually fare better than a large Volvo 944 Estate, even if the latter was about 500kg heavier. However, as cars become increasingly connected, it’s time for automakers to focus on another type of security - cybersecurity. The problem, it seems, is automaker’s inexperience in the workings of the cyberworld and their naivety when it comes to security protocols. 

Security researcher Samy Kamkar recently demonstrated a bug in GM’s OnStar service that would allow a hacker to impersonate as an owner and gain access to the car. He also said that this bug could possibly work also for BMW and Mercedes-Benz cars. “Some of the things that I’m finding are not crazy. I’m finding very common vulnerabilities that have been known about for at least a decade in the cyber security world,” Kamkar said. More worryingly, he also stated that security researchers are only scratching the surface of what is possible.

Fortunately, there’s a glimmer of light at the end of the tunnel. Some automakers and companies have recognized that more needs to be done. Chrysler, the parent company of Jeep, quickly issued a recall of 1.4 million vehicles after Miller and Valasek alerted them of their cars’ vulnerability. Metromile, the insurance company involved in the insurance dongle hack described earlier, also swiftly released a security patch to all of its devices after learning about the hack. Metromile CEO Dan Preston also said, “We took this very seriously as soon as we found out.”

Thanks to advances in technology, cars have never been safer from impacts. But are automakers forgetting something?

Others, however, are reluctant to admit that there’s a problem. A spokesperson from Mercedes-Benz, for instance, wrote in response to Kamkar’s claims that the company does not wish to “engage in speculation about potential hacks (often the result of extreme manipulation) that have very little likelihood of occurring in the real world and create unnecessary concern.”

Cybersecurity surround connected cars was a top topic at this year’s DEF CON hacking conference, and security researchers all agreed that more needs to be done to make connected cars more secure. However, that would require the cooperation of automakers. As for now, the next time you are buying a car, better think twice before ticking that option box for the Internet-connect in-car entertainment system.

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.