More and more computers are finding their way into cars. Anyone familiar with the daily reports of attacks on home PCs will wonder: how secure is the software in the cars of the future? An assessment by //next columnist Don Dahlmann.
Modern cars are no longer analogue devices, built mainly of sheet metal and plastic. On the contrary: in some vehicles, almost 100 processors are now working to get the vehicle going at all. But in the future, chips and software will become even more prevalent: The infotainment systems alone, which are now more like smartphones, require a lot of computing power and software. Then there are the driving aids, which are controlled by sensors. This makes today's cars highly complex and poses a challenge on many levels. Did you already know? Even the accelerator pedal is now digital and no longer mechanical.
This naturally arouses fears: every day there are new reports that home computers and large networks are being successfully attacked by hackers. Terms like computer viruses and ransomware, with the help of which attackers encrypt the PC and only release it again for a ransom, have become commonplace. The question is, of course, whether a hacker can hijack your own car. It would be a nightmare to start your car in the morning and see on the display that a hacker has taken control.
The problem is of course not unknown to the car industry. In the past, in attempts by universities, there have indeed been successful attacks on early versions of cars' operating systems. In 2015, for example, a team managed to take control of a vehicle, which then led to a recall of the affected cars. However, a lot has happened since then. The topic of software security is at the top of the car industry's to-do list, if only because a successful attack would be a veritable PR gau. Who wants to buy an insecure car?
To prevent the car from suddenly being controlled by a third party in the morning, a huge industry has emerged to take care of security. The systems in the vehicle are already so separated from each other that they could not be paralysed with an attack. Critical systems are also still disconnected from this.
The car industry recognised very early on that it is primarily the networks, i.e. the data transport from the manufacturer to the car and back again, that are at risk. The data that cars exchange with data centres is now so heavily encrypted that the effort required for hackers to attack a single car is far too high.
The situation is somewhat different, however, when it comes to the hardware of the manufacturers themselves. It is quite conceivable that an attacker could gain access to vehicles via the manufacturer's infrastructure. When you hear that even IT companies for data security have already been the target of successful attacks, you can imagine that the car manufacturers are alarmed here.
However, it is not only the security of the manufacturers' data centres that is causing concern: car drivers must also secure their own data stream and their own operating systems. The contacts that the car will have to have with the outside world in the future are also problematic. The autonomous car must communicate with its environment. This includes traffic lights or traffic guidance systems. It is theoretically conceivable that a hacker could succeed in transmitting a malicious code to a vehicle via the data stream of a traffic light.
But how much do we really have to worry about? How realistic is the danger of a hacker attack really? Experts are relaxed. Hackers are usually looking for lucrative targets. The question is also what they would achieve.
Of course, attacks in the future cannot be ruled out. But they are more likely to be directed against the general digital infrastructure. There have already been attempts and successful attacks in the past, such as the one on an oil pipeline in the USA. However, one's own car is unlikely to be taken over by a hacker.
Text: Don Dahlmann