Any part of a car that talks to the outside world is a potential opportunity for hackers.
That includes the car’s entertainment and navigation systems, preloaded music and mapping apps, tire-pressure sensors, even older entry points like a CD drive. It also includes technologies that are still in the works, like computer vision systems and technology that will allow vehicles to communicate with one another.
It will be five to 10 years — or even more — before a truly driverless car, without a steering wheel, hits the market. In the meantime, digital automobile security experts will have to solve problems that the cybersecurity industry still has not quite figured out.
“There’s still time for manufacturers to start paying attention, but we need the conversation around security to happen now,” said Marc Rogers, the principal security researcher at the cybersecurity firm CloudFlare.
Their primary challenge will be preventing hackers from getting into the heart of the car’s crucial computing system, called a CAN (or computer area network).
And the challenge of securing driverless cars only gets messier as automakers figure out how to design an autonomous car that can safely communicate with other vehicles through so-called V2V, or vehicle-to-vehicle, communication.
The National Highway Traffic Safety Administration has proposed that V2V equipment be installed in all cars in the future. But that channel, and all the equipment involved, open millions more access points for would-be attackers.
It’s not just V2V communications that security experts are concerned about. Some engineers have imagined a future of vehicle-to-infrastructure communications that would allow police officers to automatically enforce safe driving speeds in construction zones, near schools or around accidents.
Given the years long lag time from car design to production, security researchers are also concerned about the shelf life of software deeply embedded in a car, which may no longer be supported, or patched, by the time the car makes it out of the lot.