Computers and smartphones used to be the only domain of hackers. However, with today's vehicles being installed with computer chips that affect just about every aspect of the driving experience, security experts say it won't be long before hackers start attacking car computer systems and putting the world's motorists and passengers in grave physical danger.
This is why a group of altruistic hackers that named themselves I Am The Cavalry is calling out to all carmaker chief executives to beef up their security measures against car hacking. In an open letter presented at last week's DefCon hacker conference in Las Vegas, members of the I Am The Cavalry group shared a five-star program that details how the group can provide assistance to automotive companies looking to improve their cars' security against cyber-attacks.
This program includes required testing of all software used in the car, continuous security updates for all software, responsible disclosure to third-party researchers and the installation of a black box that will record events. The group also calls for the segmentation of non-critical systems, such as the car's info-entertainment system, from critical internal functions, such as braking or airbag deployment, for instance.
"New technology introduces new classes of accidents and adversaries that must be anticipated and addressed proactively," writes [pdf] the group in its letter. "The once distinct worlds of automobiles and cyber security have collided. In kind, now is the time for the automotive industry and the security community to connect and collaborate toward our common goals."
The group has also put together a Change.org petition to ask the public's support in encourage the auto industry to increase protection against online attacks on vehicle software systems.
The letter comes hot on the heels of a new report presented in last week's Black Hat conference that listed the 20 most "hackable" cars by exploring a car's attack surface, or the range of features that could be hacked, and how much access to these features gives attackers access to a car's critical components, such as steering and braking. The report also notes how vulnerable cars are to remote commands that can control systems such as parking sensors and automated braking. What researchers Chris Valasek and Charlie Miller found out is that the 2014 Jeep Cherokee and the 2015 Cadillac Escapade are the most vulnerable vehicles to hacking, while Range Rover Sport models 2006 and 2010, Toyota's 2006 electric hybrid Prius and the Ford Fusion 2006 model are the least "hackable."
While the National Highway Traffic Safety Administration reports that it is not aware of incidents that involved the hacking of a vehicle's control system, experts are growing increasingly concerned about the safety of drivers and passengers who could be the next target of wireless attacks by malicious hackers.
The auto industry, however, remains mum on the group's request.
"Our record shows we typically welcome the opportunity to work with a broad array of stakeholders when we have a common goal," says Wade Newton, a spokesperson for the Auto Alliance. He declined to comment specifically on I Am The Cavalry's letter.
