Car Hacking: Safeguarding Your Connected Car

the console of a connected car in the middle of a car hacking

the dangers of car hacking

Computer viruses are nothing new. The brutal lessons learned from those who’ve survived them make us more cautious when surfing the digital wave on our devices. But how often do we think of our vehicles as motorized computers? Today’s automobiles include operating systems that provide climate control, fuel efficiency, satellite-based entertainment, automated safety features and more. Basically, we’re driving smartphones on wheels, something we tend to forget. Our vehicles are more connected than ever and with the automotive industry constantly innovating, they will only become more so. Because of this sophistication, concerns about the strange new cyber threat of car hacking are being raised.

Yes, we know car hacking isn’t exactly new. And other than a disgruntled former Texas car dealership employee’s remotely bricking 100+ vehicles to set off their horns and disable their operating systems, no actual malicious car hacking incidents have been reported. However, the infiltration of the Jeep Cherokee driven by WIRED Magazine writer, Andy Greenberg, on a Missouri highway by white hat hackers Chris Valasek and Charlie Miller is just one of many that have shown how vulnerable these systems are to cyber attack. White hat hackers are individuals who infiltrate computer systems in order to highlight security problems for companies to fix. They’re the good guys of the hacker world, those who find the weaknesses–sometimes even hired by businesses to do so–and share them with the manufacturers to help them strengthen their programs.

Black hat hackers, however, are the ones who break into the wireless network systems for malicious purposes. These are the bad guys of the hacker community. And as automobiles become more connected–self-driving cars–the need for lawmakers to take a legal stand to protect you and your 21st-century cutting-edge automobile from what is felt to be the inevitable actions of these perpetrators becomes more vital.

Car Hacking 101

Per the Tech Target website’s IoT Agenda, car hacking is “the manipulation of the code in a car’s electronic control unit (ECU) to exploit a vulnerability and gain control of other ECU units in the vehicle.” The ECU is your vehicle’s brain. It controls your entire engine. So, if someone’s able to hack into it then he or she is capable of making your automobile do pretty much anything he or she wants. And when you’re talking about a 6,000 pound hunk of moving metal, that’s rather scary.

Strict hacking laws proposed

As cars get smarter and more communicative, the ability to infiltrate them via a wireless network gets easier. Your vehicle talks to your phone via bluetooth, your MP3 player through the AUX cord, interfaces with other cars (V2V) and even sends signals to law enforcement through its license plate (automatic license plate readers or ALPR). With so much wide open access, it raises the issue of not just how would someone plug into your vehicle’s system, but when. 

Two pieces of legislation, in particular, are gaining notice. Michigan State Senator Ken Horn and Michigan State Senate Floor Majority Leader Mike Kowall have teamed up to propose that car hacking in their state be punishable by “life or any term of years” in jail. Meanwhile, the Security and Privacy in Your Car Act of 2015 or SPY Car Act is a federal plan sponsored by U.S. Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), both members of the Commerce, Science and Transportation Committee. The bill requires the National Highway Safety and Transportation Administration (NHTSA) and Federal Trade Commission (FTC) to collaborate on creating new standards for automakers to meet in regards to cyber security in their vehicles.

The NHTSA has actually been researching safeguards to combat car hacking for several years and continues to expand its knowledge in order to better address these concerns. Its Office of Vehicle Safety Research specifically focuses on ways to “strategize, plan, and implement research programs to continually further the Agency’s goals in reduction of crashes, fatalities, and injuries.” Part of that is addressing car hacking.

A meeting of the minds in legislation and the auto industry

Connected cars and autonomous vehicles are considered the safest solutions to the rising automobile fatality rate – 35,200 deaths were reported in 2015 with 94 percent due to human error, hence the recent announcement about legislation to encourage and regulate the technology. Because of the desire to put even more wirelessly-connected autos on the roads it’s vital to make sure they can be operated safely. In January, U.S. Department of Transportation (DOT) Secretary Anthony Foxx announced the unprecedented collaboration between DOT, NHTSA and 18 automakers to address preparations for combating cyber threats to vehicles. A document called the Proactive Safety Principles 2016 outlines four key areas of security focus  and lists the partners who have signed on. These categories are Enhance and Facilitate Proactive Safety, Enhance Analysis and Examination of Early Warning Reporting Data, Maximize Safety Recall Participation Rates, and Enhance Automotive Cybersecurity.

In his statement, Secretary Foxx pointed out, “We all know that the performance today’s vehicles achieve is due in large part to an increasing amount of computer hardware and software under the hood and behind the dashboard. And the era of automated vehicle technologies will add to that. So we have pledged to work collaboratively to mitigate cyber threats that could pose unreasonable safety risks.”

A wealth of ports of entry

the various internal ports of entry for car hacking

a car’s electrical system

The hardware and software Secretary Foxx mentions have many ports of entry to the inner workings of your vehicle that leave it that much more exposed. Chris Valasek and Charlie Miller proved the fragility of cyber security not just once but twice in the same Jeep Cherokee they took over from Andy Greenberg. The first time was done over the internet and Fiat-Chrysler prompted responded by fixing the issue. However, a second attempt prior to the August Black Hat conference showed that the two researchers could affect a more dangerous hack when plugged into the ECU under the dashboard to send messages to the car’s internal systems known as the controller area network  or CANbus. It pointed out not only how someone plugged into the electronic control unit could attack the vehicle’s brain, but that doing so over a wireless network is still an issue.

Consider this scenario: you take your car to the shop. The mechanic plugs into your automobile’s ECU to gain instant access to the CANbus, adjusting and fixing whatever’s needed. Great.

But, while the auto repair person is communicating with the inner workings, it leaves your car’s digital door open for anyone else with enough know-how to hack into your on-board diagnostics (OBD) portal via remote. This is also the port into which you plug the dongle your auto insurance company gave you to track vehicle miles traveled (VMT). So imagine that all of the information floating around in there is vulnerable to anyone with a little car-hacking savvy to break in and control your car without your say so.

The OBD isn’t the only susceptible spot. There is the in-vehicle infotainment (IVI) capability that connects with everything from navigation systems to gaming and movies that can play on the screens in your backseat for the kids. Your bluetooth can be enabled so you can speak hands free – a law in some states – to any of your contacts in your cellular network. And every time you engage in wireless activities while you’re driving – upgrade a phone app, listen to driving instructions, access music – your vehicle’s system is open to anyone who wants to come in.

Five quick DIY anti-car hacking tips

Today’s connected cars are super efficient, wonderfully eco-friendly and incredibly convenient.  They are also machines that have created a whole information highway of their own by allowing access to their operating systems through different portals and devices in a unique way. Right now, the possibilities of being a victim of car hacking are rare. However, the concern that it’s only a matter of time before black hats decide to give it a go are real. While lawmakers work on auto legislation and car manufacturers innovate to keep you and your vehicle secure, you too can take some simple steps to help yourself.

In the spirit of “forewarned is forearmed,” here are five steps you can take to protect your car and yourself:

1. Know Your Mechanic

Make sure you’re familiar with the person who works on your car. That OBD he’ll plug into gives him all-access to everything inside your engine’s brain. Protect it.

2. Watch what you plug into your dashboard

Be careful with the USBs and flash drives you plug into the ports in your dash. Know the source of the information you downloaded to transfer to your vehicle’s brain. Malware has been known to be uploaded into the car’s operating system through these sticks, thereby compromising it.

3. Familiarize yourself with your OBD port and check it

Find the port and check it from time to time to ensure it doesn’t look tampered with and no strange dongles are connected. If you notice anything amiss, contact your carmaker.

4. Use your car key to lock and unlock your car

Scanning your wireless key fob system is the easiest thing to hack on your automobile. Every time you use it, it sends out a signal that can be plucked to allow someone to get inside your vehicle and steal it, the contents or meddle with your controls.

5. Keep up with system updates

Just as with your phone and computer, your car’s digital brain requires periodic updates. Get them installed immediately. Some of these need to be done by the dealer and others can be done by yourself. However, it’s best to work with your automaker to ensure these are being handled appropriately. If nothing else, it will walk you through installations and help you should you discover something amiss with your automobile.

Familiarize yourself with your car

Ultimately, keeping in tune with your vehicle will help you stay on top of any issues that could arise. This is a new age of automotive innovation that opens up amazing opportunities, but with those come a slew of possible dangers. Legislative inroads are being made in an effort to protect connected car owners, but these are still in the proposal stage. Taking an active role in the security of your automobile now will prepare you for the autonomous road ahead.

, , , , , , , , ,

Cooperative Adaptive Cruise Control (CACC): A Path Toward Greater Road Efficiency

In 1945, a blind engineer named Ralph Teetor invented cruise control, the popular automobile feature that most modern citizens can’t live without. Since that time, cruise control systems and their technology have evolved into even “smarter” technologies called adaptive cruise control (ACC).

ACC employs radar sensor technology to automatically adjust a vehicle’s speed based on its surroundings. In support of collision avoidance, a car with ACC automatically slows down if it senses that the car in front of it is too close.

Patented by General Motors in 1991, this technology, which was once reserved for luxury vehicles alone, is far more common, having been embraced by the likes of Honda, Subaru and Kia Motors. Information Handling Service (IHS), an industrial analyst group, predicts that by 2020, at least seven percent of the new cars on any given lot will sport ACC.

Extending adaptive cruise control capabilities

Cooperative adaptive cruise control (CACC) adds another layer of complexity and sophistication to ACC functionality. In lay terms, vehicles equipped with CACC “talk” with each other via wireless V2V technology.

According to California Partners for Advanced Transportation Technology (California PATH), the connected nature of CACC vehicles allows them to “follow more closely, accurately, and safely, with braking and accelerating done cooperatively and synchronously.”

This is possible because cars with CACC don’t just sense the presence of one another; they communicate with one another. In short, CACC vehicles do the following:

  • maintain a consistent speed when unobstructed (like any cruise control)
  • adjust distance from other vehicles based on radar sensor data (like ACC)
  • receive GPS data from surrounding vehicles and share it with others (the CACC innovation)

Selecting the gap

Both ACC and CACC technology allow drivers to manually select the gap of time they prefer to maintain between their own vehicle and others on the road.

With ACC, the minimum time gap is approximately one second, whereas with CACC, that figure dips as low as 0.6 seconds.

Theorists believe that a shorter time gap between cars would lead to a “managed lane” effect, in which traffic flow could be more effective, reducing traffic congestion by encouraging commuters to adhere to more predictable traveling schedules.

ACC & CACC: Weighing the pros and cons

CACC is a relatively new extension of ACC, and as such, is not yet widely available to the public. Researchers are currently weighing the pros and cons to see if this new technology is suitable for public roads. Here are some advantages and disadvantages to consider regarding each of these technologies:

ACC advantages

  • ACC is less of a leap from traditional cruise control than CACC and, therefore, is easier to gain consumer buy-in. AAA reports that current owners “have a very high opinion of it, with 76-93 percent of survey respondents reporting that they would buy the system again.”
  • AAA reports that “[N]early half of respondents said that the system helps relieve stress,” and “[a]bout a third of respondents said that the system made them a safer driver.”

ACC disadvantages

  • Feedback information from the ACC system is relative and based on the behavior of surrounding vehicles. It does not, however take into account potentially unsafe driving habits of those vehicles.
  • ACC allows vehicle-to-vehicle (V2V) adjustments but not vehicle-to-infrastructure (V2I) adjustments.
  • ACC has a negligible effect on lane capacity because of the longer time gaps involved.

CACC advantages

  • CACC technology increases lane capacity by decreasing time gaps between cars.
    • Increased lane capacity results in lower fuel consumption, greater fuel efficiency and other environmental benefits.
  • CACC allows for advancements in the safety of complete traffic systems on the whole, including lights and other components of the infrastructure.

CACC disadvantages

  • Having only some vehicles with CACC capability defeats the purpose, since the feature depends on V2V communication.
  • The connected nature of CACC raises some questions about user privacy, as well as vulnerability to hackers and other scammers.
  • In the event of a collision involving CACC vehicles, liability would be difficult to determine.

Additional considerations pertaining to both technologies are that they are currently cost prohibitive, and neither has a long enough history to have garnered much by way of statistics on safety usage.

 Waiting on legislation

ACC technology employs the same radar technology that will one day be a staple component of self-driving cars, according to auto expert Sridhar Lakshmanan of the University of Michigan-Dearborn. While the prospect of autonomous automobiles is certainly an exciting one, the majority of Americans are still waiting for state legislation to define and legalize the technology. Still, a handful of states have succeeded in making political advances toward the testing and funding of such cars, including Illinois, New York and Texas.

When Teetor invented the first cruise control system more than 70 years ago, we have no way of knowing if he foresaw his invention evolving into a technology where cars and trucks “converse” with one another. As with so many things, what was once only science fiction is now finding a place in reality. For now, full CACC technology remains just out of reach for the general public, as researchers and experts continue to explore both its benefits and drawbacks.

, , ,

V2Gov Is Not New, You Just Didn’t Know About It

As smart cars continue to evolve, so too will the infrastructures that will soon be able to directly communicate with these cars.

Via vehicle-to-vehicle (V2V) communication, every new car on the road will be wirelessly talking with every other new car on the road. With capabilities including the ability to control steering for parking, engaging brakes, and even car diagnostics, V2V car controls will oversee everything from traffic management to stopping a vehicle from entering a dangerous intersection.

While all this might seem a little creepy, as vehicle-to-vehicle communication becomes more widespread, vehicle-to-government (V2Gov) communication will evolve into a common and extremely useful tool. Enabled by connected vehicle technology and eGovernment (eGov) strategies, the objective of V2Gov is to reassess, optimize and automate the delivery of vehicle-related public services to businesses and drivers. Technology, particularly the internet, has enabled greater interaction between public agencies and citizens, making vehicle-related transactions more time- and cost-efficient and convenient.

Currently products like those that offer seamless electronic vehicle registration are the first step in paving the way for expanded V2Gov communication.

V2gov is not a new concept. In fact, there are platforms that have been communicating information about vehicles to government for years. A perfect example of the benefits of eGov via V2Gov communication include the synchronization of electronic toll collection (ETC).

ETC was developed to help eliminate the delay on toll roads by collecting tolls electronically. Utilizing an automated vehicle identification (AVI) system, ETC determines whether the cars passing are enrolled in an ETC program, alerts enforcers of those that are not, and electronically debits the accounts of registered car owners without requiring them to stop.

According to GCN, the national newspaper for government computing and communications, currently 34 states utilize one of more than 115 different ETC platforms. The largest of which, the E-ZPass network, is supported in 15 states. However, there is no single ETC system that enables motorists and truckers to pay tolls in every state. The electric transponders that most tolling stations use often aren’t compatible with transponders in other states, so travelers from out of state are stuck paying cash or purchasing an additional transponder.

The tolling systems in various states are not connected today because some states restrict and limit which states have access, making easy electronic transponder travel beyond reach for now. Establishing a national ETC standard would not only make travel easier, but also provide a seamless step towards further improving road safety.

ETC is only one example of V2Gov communications’ digitally improving our travel lifestyle in the United States. It will also help improve law enforcement on roads through AVI, provide invaluable information on traffic patterns to improve our highway infrastructure, and even assist in the development of even smarter smart cars.

As it continues to develop, V2Gov has great potential to help build the digital relationship between a vehicle, owner, government and business.

,

“Talking” to Connected Cars: The Future of Transportation and V2X/V2V Technology

How “connected cars” are transforming the way we drive and “talk” to other cars, dealers, manufacturers and government agencies. 

By Don Armstrong, CEO, Motor Vehicle Software Inc. (MVSC)

The term “connected car” seems to be all over the news these days. From CO2 reductions via zero emissions vehicles to a no-accident future with self-driving cars to cybersecurity for preventing “car hackers,” the ever-growing connected car world is literally going warp speed ahead. In fact, driving what is now a virtual “computers on wheels” is changing how we get around right now and in the future for consumers, dealers, manufacturers and even government agencies.

As a pioneer in motor vehicle software technology, I wasn’t surprised at the findings in a recent report by Navigant Research titled Connected Cars: Vehicle-to-X Communications and Supporting Technologies: Global Market Analysis and Forecasts. “One of the key enabling systems for success is the provision of real-time data to vehicles, drivers, and pedestrians through vehicle-to-external communications (V2X) using dedicated short-range communications (DSRC),” says the report.

This DSRC is the key in “connected” and your car is the container or bottle. What happens in between here and 50 or so years from now will probably be nothing short of a spectacular ride into a sustainable transportation future.

Will self-driving cars make accidents a rare occurrence? Will drivers turn into “riders,” who spend their in-car time working or listening to music or even participating in a meditation session complete with black-out windows, low lights and zen music? Perhaps that’s using a little too much imagination, but the possibilities seem wild and wonderful to generations of car drivers and owners. Plus, a connected car world is already helping solve urban traffic congestion and pollution problems.

As part of the new “intelligent transportation infrastructure,” I have been part of overhauling vehicle registration network systems to make owning a car finally fly into today’s digital paperless age. But it hasn’t been easy to bring online systems to every dealership-to-DMV-to-owner encounter.

It’s the same with connected cars. There’s lots to consider as V2X communications tech affects everything from hardware to regulators to security to software to regulators to app developers to digital mobile companies such as mine that intersect the car buying experience between owner, dealers, financial institutions, insurance companies and government entities.

Remember when OnStar was launched in the mid-90s? That was the first time cars were relied on cellular communications to connect vehicles to centralized data center. Called “embedded telematics systems” back then, companies such as OnStar would come to invent and provide new advanced technologies like remote locks, remote diagnostics and stolen vehicle recovery.

Today’s V2X technology is quite different. It’s more of a patchwork system of wireless connectivity along short range-communication (DSRC) exchanges. And now, hardware costs for V2X are minimal (from $70-$200 for each new car depending on capabilities), so says Navigant.

One shortcoming in V2X technology, according to the Navigant report, is it is designed to transmit short messages using only a tiny bit of bandwidth and this limits its capabilities. Still, car manufacturers and its billions of customers are already in love with this new peer-to-peer, ad hoc network because of its low operating costs (except for the occasional security certificates).

Automotive researchers like those at Navigant think it’s going to be quite a long time (and most likely limited to urban centers or dedicated driving lanes) before we have fully autonomous vehicles such as envisioned by Google and Apple.

What we will have between then and now – such as what my company provides with automated digital car title and registration systems – is going to be like a long road trip with troublesome valleys, celebratory peaks, dangerous curves and fast-moving straightaways.

Isn’t it great to think about cars that drive for us and computers that register our cars directly without a stop at the DMV? The connected car era is here now and it will be fascinating to see how the lines of communication from vehicle to vehicle and also vehicle to government/government to vehicle continue to adapt.

, ,

Drive Like It’s 2025: Connected Cars Are the Norm and Your Commute is Unrecognizable

Connected Car (definition) — the presence of devices in an automobile that connect the devices to other devices within the car/vehicles and or devices, networks and services outside the car including other cars, home, office or infrastructure.

It is 2025, and connected cars have been the norm for the past five years. Before being connected, I would get in my car and instantly get disconnected from the world. Today, my car alerts me and service personnel to vehicle issues, allowing appointments to be made in less time and with more information about what’s wrong with the vehicle. In addition, software fixes that might have been performed at a dealership now are initiated through the Internet.

Every time I get in my car, I’m reminded just how much I can accomplish, even on a simple drive to the grocery store. You see, connected cars have vehicle-based apps, allowing travelers to easily “customize” their rides. Traffic apps automatically notify drivers – and passengers – when accidents occur or routes are backed up. I used to just sit in traffic for hours without any rhyme or reason. Now I know about any potential delays as soon as they arise, and my car immediately devices an alternative route.

Accidents or road-side emergencies required a call for help once upon a time. Now my car would instantly notify first responders with emergency data in the case of an accident. I really like having the built-in assistance, safety, and vehicle protection features, it makes me feel like my car is protecting me.

But it’s not just the safety and convenience, my car actually knows me. It can “mash” car diagnostic and driver behavior data with smartphone apps, cloud content, and services data in real time. My car is now a resource of “intelligent” information based on where I am, what I’m doing, and what I’ve done in the past. It knows my preferences and then offers assistance, like when the gas tank is low, it shows nearby gas stations.  If I tell my car, “I’m hungry,” nearby restaurants are displayed. It even sends automated text messages to my wife when the traffic going home is bad.

Best of all, my car can practically drive itself. With correction sensors and diagnostic connections, my car’s communications systems interact for the safety of my car and the surrounding environment, I only take over the wheel only when necessary. From steering for parking, to brake engagement, engine-style-controls, all powered by Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) software, my car controls everything from traffic management to stopping from entering a dangerous intersection.

My connected car isn’t just smart, it has actually positively changed my life. Driving is so much more convenient, easy, and far less dangerous. Connected is really the only way to travel.

,