Cars that connect to the internet will be vulnerable to hackers for a decade, one of the world’s leading IT security experts has warned, highlighting the struggle ahead for carmakers as they try to combat the risk of cyber attacks. Eugene Kaspersky, the founder of Kaspersky Lab, said today’s vehicles were “more safe but less secure” because of the array of gadgets they carry, from safety sensors and GPS trackers to music-streaming capabilities and high-speed internet links.
As car manufacturers add more connected technology to their vehicles, on-board computers have opened new avenues for cyber intruders who would find “more and more methods to attack private cars”. Mr Kaspersky, a former Soviet intelligence officer, said it would take years for governments and carmakers to implement ways to protect vehicles from hackers. “For a long period of time, the cars will be vulnerable,” he said.
“The definition of good security is that the attack must cost more than the possible damage. We can reach this level — but I am afraid that may be for a decade, maybe less.” By the end of the decade some 250m vehicles will be directly connected to the internet, according to research group Gartner. More than half the cars sold in the UK last year — about 1.5m — had internet-connected safety systems, according to trade body SMMT.
Most modern cars have between 50 and 60 computers on board, which handle processes from music and temperature to assisted steering and brake control. They communicate with each other across a platform called the Controller Area Network, or CAN Bus. But this connectivity means that hackers who access one part of the car are able to take control of another, Mr Kaspersky said. “Unfortunately the bad guys are getting smarter.” Last year hackers in the US took remote control of a Jeep Cherokee through its radio and disabled its steering and braking, in a controlled exercise to test what was possible.
The move led to a recall of 1.4m vehicles by Fiat Chrysler, and triggered industry fears over the potential for accessing cars externally, something many had previously thought was impossible. Because auto components that go into the car computers come from all over the world, international co-ordination is required to protect vehicles from attacks, he said.