From IIoT World, author Simon Hartley, The State of Auto Cybersecurity: Current Vulnerabilities of Connected Vehicles.
In 2015, Chris Valasek and Charlie Miller grabbed the world's attention by hacking, and gaining control over, a Jeep's dashboard functions from ten miles away. In 2018, the situation hasn't gotten any better. If a vehicle's autonomous or semi-autonomous, it's a cinch it can be controlled remotely. If it can be unlocked and operated via a smartphone app, it's a cinch someone's devised a way to spoof the app and steal the car.
Again, from the article, we're talking about devices that will require code somewhere in the 200 to 300 million line range - basically, a long, long, *long*, technical document. Or, if you like comparing it to literary works, Hamlet to the power of 837,988. That's a lot of stabbings and poison.
Code without mistakes or bugs, of course. Each bug introduces vulnerability. Vulnerabilities can and will be exploited.
That's before you consider that allowing third party software - apps - to have any degree of control over the vehicle means that the app, with all its vulnerabilities, is also a risk factor.
So, for example:
- I need to know where that vampire's been. She always drives that sporty Tesla. OK, spending a point of Digital Intrusion or Electronic Surveillance, whichever the Director thinks suits the task. I'm going to crack the car's GPS with this smartphone app, and see where the Tesla's been for, say, the past week.
- An infotainment system, you say? With a huge touchscreen right in the dash that controls every non-driving function? Well color me impressed. Let's just play with that satellite mapping software … oh, gee, looks like the route you wanted to take is blocked by a car wreck. Best take that recommended detour. No, we haven't set up an ambush there, honest, Hey! I can play videos! Has he got passengers? Cue up that blackmail material, and let's hope his wife is watching.
- No, no, I don't need to have any pools in Digital Intrusion or Electronic Surveillance. I just need to make a Preparedness check, and boom! Here's a sneaky little app I bought off the dark web. Shall we say, a 3-point dedicated Digital Intrusion pool? Why, yes, I think we shall.
- It probably goes without saying, but all these shiny toys need to be updated regularly, a task many users avoid. So known bugs and weaknesses still sneak through, because the necessary defenses weren't installed. Plus, anything that relies on passwords is only as safe as the user lets it be - which often isn't safe at all.
- Oh! I can use this smartphone app to lock and unlock the car, send destination information to the GPS, remotely stop or start the car, send its current location to the app, and run real-time diagnostics. I wonder if that power can be abused in some cunning way …
Of course, all this assumes someone's driving the vehicle. A self-driving car is a different story. This might seem a boon for those bloodsuckers who have to sleep during the day; just add tinted windows and some grave soil, and all your worries drift away. Except if someone's hacked the guidance software then they can tell your car to go, well, anywhere they want. Imagine being delivered to your slayer like a giftwrapped package!
Of course, what's sauce for the goose is good for the gander. Just what are the agents driving these days? A top-of-the-line sportscar, all the better for those thrilling chases? Well, that could be a problem, if the Conspiracy has some half-decent hackers on its side. Maybe it's time to get into vintage muscle cars. It can be tricky to get the parts for a '67 Thunderbird, but at least it won't freak out when someone waves a smartphone at it.
Enjoy!
No comments:
Post a Comment