AutoMobility LA 2017: Securing Our Autonomous Future (Day 1)

Part One of our four-part series recapping the summit’s four days of exhibits, announcements and interactivity 

The 2017 Los Angeles Auto Show kicked off on Friday, December 1st, promising some stellar exhibits, surprise announcements and an immersive motor vehicle experience for all who attend. The show is celebrating its 110th year and has expanded from just 99 cars in Morley’s Skating Rink in Ocean Park, Los Angeles, back in 1907 to taking over virtually every available space of the Los Angeles Convention Center in the city’s Downtown area. However, for those interested in learning even more about what’s coming in the future of cars and the automotive industry as a whole, there is a show before the show in the form of AutoMobility LA, four days of announcements, thought provoking conferences, and first looks at innovative cars.

AutoMobility LA sets the stage from Day 1

AutoMobility LA entered its second year as it took place from November 27 – 30. It was a mecca for those curious about the intersection of technology and cars as well as hoping for a peek at what auto companies have up their sleeves for the future. Over the course of four days, AutoMobility LA covered everything from concerns about cyberhacking in the connected car space to Porsche’s return to its roots and more while also acting as an intensive primer on where the industry is headed.

Secure Mobility jumpstarts discussion

AutoMobility LA 2017’s first day was kicked off by the day long Secure Mobility Summit. This informational conference focused on cyber-security for connected cars and, most specifically, driverless vehicles in general.

Presented by Suits & Spooks founder, Jeffrey Carr, in conjunction with Car and Driver and other sponsors, Secure Mobility included several featured speakers and highlighted five key takeaways:

1 — Get In Front of the Breach

Every car maker is aware that as automobiles become more sophisticated, these machines are more vulnerable to tech savvy interference. Waiting for something to happen rather than being getting in front of it will only lead to worse problems down the line.

2 — Willingness to Invest

Comprehensive security of a car’s technology is expensive. But as each and every speaker said, the cost of NOT doing anything far outweighs being proactive in staving off a cyber-attack before it happens.

3 — Share Information

Auto manufacturers need to trust their competitors with any information that will lead to keeping everyone safe in their cars. Holding back intel regarding hacking of a system or a discovery on how to stop an attack can lead to the entire industry being brought down.

4 — Assume your car is always connected

Any car produced after a certain year is connected to the web in some way. Hands free talking through your dashboard, an insurance fob plugged into your onboard diagnostics (OBD) port, and that cool infotainment system connect you to the outside world. Your vehicle’s ability to communicate with the internet of things (IOT) means a constantly open digital doorway. However, there’s good news.

5 — Vehicle cyber attacks are DIFFICULT

Some basic internal configurations are shared across all vehicles, true, but ultimately, all those things that define a model’s specific operating system as being different from another model are what also makes them difficult to crack inside. It means if you really want to break into a system to bring a vehicle down, you need to learn everything there is to know about that particular auto’s OS and determine its weaknesses. It’s not so easy to take a car offline, although while a presenter was talking, his cohort was able to hack a navigation system as a demonstration on how quickly and easily GPS’s can be compromised with the right information and tools. Individual cars are generally well-protected, and as they continue to innovate, so does their security. However, commercial fleets share the same OS across a broad range of vehicles, and concern is high on how to ensure thousands of trucks and vans aren’t attacked all at once.

Shared cyber-security responsibility

Most of the ownness on protecting connected cars is on the auto industry, but as consumers of motor vehicles, there must be something we can do. When Sanchi Jayarami, Chief of Investment and Engagement at the National Security Division (NSD) — part of the Department of Justice (DOJ) — was asked what vehicle owners can do to secure their automobiles, she pointed to the risks and concerns discussed and said, “My parents said, ‘This is why we don’t use an ATM and we go into the bank to talk to a person.’ They’re not wrong. It’s important people read about what their car can do. How it works.”

Sanchi added, “I know it’s hard because of all the small print, but they’ve got to do it so they know how their information is being used and how they can protect it. And it’s important for companies to educate their consumers.”

As the first day came to an end, it was clear that the brilliance of the driverless cars and connected vehicles in general is as much a benefit as it is a concern. Both automakers and consumers need to be ready for what the future holds with more innovation, higher level technology, the reach of artificial intelligence (AI) in motor vehicles and the new players coming into the space. Each needs to be responsible for protecting and knowing their vehicles in order to be ready to do whatever is necessary to keep themselves and those they encounter on the road safe.

, , , , , , , , , , ,

Car Hacking: Safeguarding Your Connected Car

the console of a connected car in the middle of a car hacking

the dangers of car hacking

Computer viruses are nothing new. The brutal lessons learned from those who’ve survived them make us more cautious when surfing the digital wave on our devices. But how often do we think of our vehicles as motorized computers? Today’s automobiles include operating systems that provide climate control, fuel efficiency, satellite-based entertainment, automated safety features and more. Basically, we’re driving smartphones on wheels, something we tend to forget. Our vehicles are more connected than ever and with the automotive industry constantly innovating, they will only become more so. Because of this sophistication, concerns about the strange new cyber threat of car hacking are being raised.

Yes, we know car hacking isn’t exactly new. And other than a disgruntled former Texas car dealership employee’s remotely bricking 100+ vehicles to set off their horns and disable their operating systems, no actual malicious car hacking incidents have been reported. However, the infiltration of the Jeep Cherokee driven by WIRED Magazine writer, Andy Greenberg, on a Missouri highway by white hat hackers Chris Valasek and Charlie Miller is just one of many that have shown how vulnerable these systems are to cyber attack. White hat hackers are individuals who infiltrate computer systems in order to highlight security problems for companies to fix. They’re the good guys of the hacker world, those who find the weaknesses–sometimes even hired by businesses to do so–and share them with the manufacturers to help them strengthen their programs.

Black hat hackers, however, are the ones who break into the wireless network systems for malicious purposes. These are the bad guys of the hacker community. And as automobiles become more connected–self-driving cars–the need for lawmakers to take a legal stand to protect you and your 21st-century cutting-edge automobile from what is felt to be the inevitable actions of these perpetrators becomes more vital.

Car Hacking 101

Per the Tech Target website’s IoT Agenda, car hacking is “the manipulation of the code in a car’s electronic control unit (ECU) to exploit a vulnerability and gain control of other ECU units in the vehicle.” The ECU is your vehicle’s brain. It controls your entire engine. So, if someone’s able to hack into it then he or she is capable of making your automobile do pretty much anything he or she wants. And when you’re talking about a 6,000 pound hunk of moving metal, that’s rather scary.

Strict hacking laws proposed

As cars get smarter and more communicative, the ability to infiltrate them via a wireless network gets easier. Your vehicle talks to your phone via bluetooth, your MP3 player through the AUX cord, interfaces with other cars (V2V) and even sends signals to law enforcement through its license plate (automatic license plate readers or ALPR). With so much wide open access, it raises the issue of not just how would someone plug into your vehicle’s system, but when. 

Two pieces of legislation, in particular, are gaining notice. Michigan State Senator Ken Horn and Michigan State Senate Floor Majority Leader Mike Kowall have teamed up to propose that car hacking in their state be punishable by “life or any term of years” in jail. Meanwhile, the Security and Privacy in Your Car Act of 2015 or SPY Car Act is a federal plan sponsored by U.S. Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), both members of the Commerce, Science and Transportation Committee. The bill requires the National Highway Safety and Transportation Administration (NHTSA) and Federal Trade Commission (FTC) to collaborate on creating new standards for automakers to meet in regards to cyber security in their vehicles.

The NHTSA has actually been researching safeguards to combat car hacking for several years and continues to expand its knowledge in order to better address these concerns. Its Office of Vehicle Safety Research specifically focuses on ways to “strategize, plan, and implement research programs to continually further the Agency’s goals in reduction of crashes, fatalities, and injuries.” Part of that is addressing car hacking.

A meeting of the minds in legislation and the auto industry

Connected cars and autonomous vehicles are considered the safest solutions to the rising automobile fatality rate – 35,200 deaths were reported in 2015 with 94 percent due to human error, hence the recent announcement about legislation to encourage and regulate the technology. Because of the desire to put even more wirelessly-connected autos on the roads it’s vital to make sure they can be operated safely. In January, U.S. Department of Transportation (DOT) Secretary Anthony Foxx announced the unprecedented collaboration between DOT, NHTSA and 18 automakers to address preparations for combating cyber threats to vehicles. A document called the Proactive Safety Principles 2016 outlines four key areas of security focus  and lists the partners who have signed on. These categories are Enhance and Facilitate Proactive Safety, Enhance Analysis and Examination of Early Warning Reporting Data, Maximize Safety Recall Participation Rates, and Enhance Automotive Cybersecurity.

In his statement, Secretary Foxx pointed out, “We all know that the performance today’s vehicles achieve is due in large part to an increasing amount of computer hardware and software under the hood and behind the dashboard. And the era of automated vehicle technologies will add to that. So we have pledged to work collaboratively to mitigate cyber threats that could pose unreasonable safety risks.”

A wealth of ports of entry

the various internal ports of entry for car hacking

a car’s electrical system

The hardware and software Secretary Foxx mentions have many ports of entry to the inner workings of your vehicle that leave it that much more exposed. Chris Valasek and Charlie Miller proved the fragility of cyber security not just once but twice in the same Jeep Cherokee they took over from Andy Greenberg. The first time was done over the internet and Fiat-Chrysler prompted responded by fixing the issue. However, a second attempt prior to the August Black Hat conference showed that the two researchers could affect a more dangerous hack when plugged into the ECU under the dashboard to send messages to the car’s internal systems known as the controller area network  or CANbus. It pointed out not only how someone plugged into the electronic control unit could attack the vehicle’s brain, but that doing so over a wireless network is still an issue.

Consider this scenario: you take your car to the shop. The mechanic plugs into your automobile’s ECU to gain instant access to the CANbus, adjusting and fixing whatever’s needed. Great.

But, while the auto repair person is communicating with the inner workings, it leaves your car’s digital door open for anyone else with enough know-how to hack into your on-board diagnostics (OBD) portal via remote. This is also the port into which you plug the dongle your auto insurance company gave you to track vehicle miles traveled (VMT). So imagine that all of the information floating around in there is vulnerable to anyone with a little car-hacking savvy to break in and control your car without your say so.

The OBD isn’t the only susceptible spot. There is the in-vehicle infotainment (IVI) capability that connects with everything from navigation systems to gaming and movies that can play on the screens in your backseat for the kids. Your bluetooth can be enabled so you can speak hands free – a law in some states – to any of your contacts in your cellular network. And every time you engage in wireless activities while you’re driving – upgrade a phone app, listen to driving instructions, access music – your vehicle’s system is open to anyone who wants to come in.

Five quick DIY anti-car hacking tips

Today’s connected cars are super efficient, wonderfully eco-friendly and incredibly convenient.  They are also machines that have created a whole information highway of their own by allowing access to their operating systems through different portals and devices in a unique way. Right now, the possibilities of being a victim of car hacking are rare. However, the concern that it’s only a matter of time before black hats decide to give it a go are real. While lawmakers work on auto legislation and car manufacturers innovate to keep you and your vehicle secure, you too can take some simple steps to help yourself.

In the spirit of “forewarned is forearmed,” here are five steps you can take to protect your car and yourself:

1. Know Your Mechanic

Make sure you’re familiar with the person who works on your car. That OBD he’ll plug into gives him all-access to everything inside your engine’s brain. Protect it.

2. Watch what you plug into your dashboard

Be careful with the USBs and flash drives you plug into the ports in your dash. Know the source of the information you downloaded to transfer to your vehicle’s brain. Malware has been known to be uploaded into the car’s operating system through these sticks, thereby compromising it.

3. Familiarize yourself with your OBD port and check it

Find the port and check it from time to time to ensure it doesn’t look tampered with and no strange dongles are connected. If you notice anything amiss, contact your carmaker.

4. Use your car key to lock and unlock your car

Scanning your wireless key fob system is the easiest thing to hack on your automobile. Every time you use it, it sends out a signal that can be plucked to allow someone to get inside your vehicle and steal it, the contents or meddle with your controls.

5. Keep up with system updates

Just as with your phone and computer, your car’s digital brain requires periodic updates. Get them installed immediately. Some of these need to be done by the dealer and others can be done by yourself. However, it’s best to work with your automaker to ensure these are being handled appropriately. If nothing else, it will walk you through installations and help you should you discover something amiss with your automobile.

Familiarize yourself with your car

Ultimately, keeping in tune with your vehicle will help you stay on top of any issues that could arise. This is a new age of automotive innovation that opens up amazing opportunities, but with those come a slew of possible dangers. Legislative inroads are being made in an effort to protect connected car owners, but these are still in the proposal stage. Taking an active role in the security of your automobile now will prepare you for the autonomous road ahead.

, , , , , , , , ,