About 75% of new cars will be equipped with online connectivity by 2020 and will be vulnerable to hackers, Assistant Attorney General John Carlin said Tuesday.
“The same innovations that revolutionize the auto industry create vulnerabilities if not carefully deployed. Connectivity creates access. Potential access to vehicle control systems could be used against us to undermine the very safety the technology was designed to provide,” said Carlin, who was speaking at a Society of Automotive Engineers event in Detroit.
Last month, the FBI, along with the Department of Transportation and the National Highway Traffic Safety Administration, released a public service announcement warning that cars are becoming “increasingly vulnerable to remote exploits” through USB, Bluetooth or Wi-Fi technology in the vehicle. The announcement warns that not only is any data shared on the vehicle’s computer susceptible, even more alarming is the possibility of having your car exploited remotely that could allow someone the “ability to manipulate critical vehicle control systems,” the announcement said.
The possibility of a hacker breaching a car’s technology to gain control of its operations came to light after two security researchers, Charlie Miller and Chris Valasek, hacked into the connectivity of a Jeep Cherokee and demonstrated they were able to remotely hit the brakes, drive the car off the road or make electronics go haywire. That hack led to a recall of nearly 1.5 million vehicles.
Whether it be a cyberattack, the theft of intellectual property or outright terrorism, Carlin told the Society of Automotive Engineers that the auto industry is a “valuable target for all types of hackers” who want the valuable information and infrastructure of car manufacturers.
In an effort to reduce the number of opportunities hackers could breach cars, Carlin implored auto makers to “design with security in mind,” saying that it will be cheaper for companies to engineer cybersecurity controls from the beginning of the design, as opposed to patching a vulnerability after a breach is discovered.