Protecting today’s highly computerized cars from hackers

Today’s vehicles are highly computerized, putting them at a greater risk of being compromised by hackers. Thankfully, researchers are developing a system to protect your car’s software against cyber attacks. Justin Cappos, Professor at New York University Tandon School of Engineering joins Hari Sreenivasan to discuss.

TRANSCRIPT

Today's vehicles are highly computerized, putting them at a greater risk of being compromised by hackers.

Thankfully, researchers are developing a system to protect your car's software against cyber attacks.

Justin Cappos, professor at New York University Tandon School of Engineering, joins us to discuss.

So, you know, people want cars to help them do little things that are, you know, otherwise inconveniences, and some people are really interested in cars driving themselves, but the more computers you put into a car, the more points of vulnerability we have.

Yeah.

Certainly as these systems get more and more complex, there are more and more opportunities for hackers.

Now, it's not actually clear whether having cars that drive themselves or have advanced safety systems are actually more risk or at less risk because effectively, anything an attacker can do with a car, they can probably do today with a car or with a car that doesn't have the safety systems in it, and so those safety systems may actually reduce risk in some ways because they may be fighting against the attacker who wants to go and drive the car into a crowd of pedestrians or things like that.

You know, it used to be the stuff of sci-fi, but we've seen a couple of kind of journalists go out there and do test cases and have the car sort of take over, where they are trying to control it, and they no longer have control, or, at least, the car shuts down in a very inopportune place.

I mean, this is the stuff that people fear, right, and this is a pretty significant hurdle, I would think, in people adopting the next generation of vehicles.

It's a big challenge.

There are a lot of problems in that when you go and you get sold a car, that car is supposed to be operational and work well and not have any sort of major hardware-based updates at least, you don't expect, over an extended period of time, 20, 30 years, the lifetime of a car.

And now there's a lot of things that have been out there and deployed that were made by vendors when maybe security wasn't a primary concern back when those cars first came off the assembly line.

So how do they actually... How do hackers get into our cars?

Well, there's actually a surprising number of different wireless networks that connect to your car, to a modern car, that you don't necessarily think about.

There are some things you might think a little bit about, such as the, like, the GPS or OnStar-style units.

Sure.

But...And, of course, there's the door locks and other things like that, that can go over shorter-wave radio.

But there's also things that you don't really think about.

So some researchers at the University of Washington and UCSD showed that they could go and actually, over the radio, go and get on a car's network because you know how you're in the car listening to the radio, and it plays the name of the station and the song and everything?

Sure.

That's a little computer inside your radio that's showing that, and, you know, like other computers, it might have bugs in it, and if you can exploit that, you can actually do something like, for instance, potentially play something that then takes over those radios and gets an attacker on the network, disables brakes or does other things like that.

So it's one little computer that has a vulnerability that gives the hacker access to other computers that are controlling other systems in the car.

Right.

Yeah.

The car is basically a network of very, very weak computers that are all stuck together doing things, and there's not any real security on that network.

Is there an effort by, say, everyone from Ford and Chrysler and GM in the United States to Toyota and Honda and everywhere else, all the major manufacturers, have they kind of gotten around the kitchen table and said, 'Okay,' or a conference room table and said, 'Here's the thing.

Let's at least agree on this because it's going to be very important to all our consumers, not just our particular brands'?

Well, one of the things that I've been doing in my research is working on a way to securely distribute over-the-air updates within vehicles, and I don't want to name individual companies or others, but I will say that over three-quarters of the cars on the road in the US had representatives from those companies in our meetings, and you can draw whatever conclusions you want about that, but we have substantial vendor presence and actually have had substantial adoption by a lot of different communities because there is this real knowledge that these companies need to do something about security now.

If they don't, there's going to be, you know, very scary times ahead of us.

Justin Cappos, professor at New York University Tandon School of Engineering, thanks so much.

Thank you.