As more and more auto manufacturers adopt the “over-the-air (OTA) updates of software to its ever-more connected and autonomous cars, is the risk of hacker hijacking also increase?
Imagine jumping in your car, but to be taken somewhere you didn’t want to go – towards the traffic, for example, or even over a cliff.
That may seem an extreme case, but the danger is real.
The Hackers demonstrated two years ago that could remotely take control of a Chrysler Jeep.
And earlier this year, the head of Tesla Elon Musk warned about the dangers of hackers to potentially take control of thousands of cars without a driver.
“I think one of the biggest concerns of the autonomous vehicles is that of someone who the pursuit of a fleet-wide hack,” he said, speaking at a meeting of the National Governors Association.
“In principle, if someone was able to… hack of all of the autonomous communities Teslas, you could say – I mean just as a joke – you could say “send them all to Rhode Island’ – across the united States.
“And that would be the end of Tesla, and there would be a lot of angry people in Rhode Island.”
Mr Musk insists that a kill switch “that no amount of software can replace” would be “to ensure that you get the control of the vehicle and cut the link to the servers”, therefore the prevention of the Rhode Island stage.
As cars become more sophisticated, the incorporation of semi-autonomous features such as lane keeping, automatic braking and self parking, and their “infotainment” systems are connected to the internet, the amount of software code required for control of these systems is to fly in a hot air balloon.
Keep all these programs updated software in general have the necessary drivers to visit the dealership.
“For automobile manufacturers and their customers alike, repair-shop visits are a great waste of time and money, and the online updates can significantly reduce this,” says Dr. Markus Heyn, the member of the board of directors of the automotive electronics and processing of supplier, Bosch.
For OTA updates give manufacturers the ability to respond quickly as problems arise. And fixing errors this way is more secure than the physical shipment of USB sticks, which is what Chrysler did to the review of your Jeep.
Critics pointed out that criminals may have hacked USB sticks and sent out their own malware-infected versions instead.
It is not surprising, then, that there are strong moves in the industry sector for OTA updates, which means that new features can be added, and bugs patched, in just an hour or two, all without discomfort for the owner.
General Motors, for example, says it expects the software update engine to use its OnStar network by the end of this decade, thanks to a new electrical architecture for its vehicles.
Meanwhile, Bosch is planning to start offering OTA updates through control units and in-car communication infrastructure developed in-house, the distribution of updates via its “internet of things” (IoT) in the cloud.
Research consultancy IHS Markit estimated that by the year 2022, 160 million vehicles globally, will have the ability to upgrade your on-board computer systems through the air.
Electric car manufacturer Tesla recently demonstrated the benefits of OTA updates when Hurricane Irma was threatening Florida at the beginning of September.
As people are warned they should evacuate, Tesla owners received an unexpected and potentially life saving gift – an extra 45 miles of range.
The ability to go beyond without a reload was already integrated in the car, but it was not available to drivers until the company unlocked extra battery capacity.
“We have a certain number of cars that are sold in a 60kW [kilowatt] price point, but for reasons of efficiency in manufacturing to install a 75kW battery, that people can update,” a spokesman explains.
“A client wrote to us and asked me if it would be possible to temporarily increase as they were planning their route out of Florida.”
Tesla unlocked the extra power by sending a OTA update to the car via wifi or 4G.
But there is no doubt that the OTA updates present a new set of risks.
For a start, we have all, at one time or another, the attempt to update the software on our computer or on the phone, only for the process to go wrong.
An unusable car could be more of a problem of a “bricked” – or unusable – phone.More Technology of Business
What will stop these self-driving trucks collide?
Could wood pulp make cars lighter and more efficient?
Where will the deadly floods in the next?
How the “invisible network” represents a significant threat to the safety
In 2015, 15% of car recalls in the US were related to errors in the software, instead of a 5% four years before.
When the upgrade fails it automatically re-sends, but this does not always have the desired effect. On one occasion, at the beginning of last year, a Tesla software update designed to add an “auto-pilot” feature that is thought to have affected the climate control of thousands of vehicles.
Then, there is the risk of “man-in-the-middle” attacks from hackers intercepting the updates in transit.
This is the reason for the extra special care about OTA updates, says Robert Moran, an expert in car security and connectivity at NXP Semiconductors.
“There are checks at each stage of the upgrade process,” he says. “Software update that comes through the air is going to be received in parallel.
“Only once has passed a series of security controls – does the validation? It is from a reliable source? – is the new software actually used.
“On a different level to what we have with the laptops of today.”
Manufacturers are also addressing the hacker threat by the isolation of the various systems on the car, so that, for example, the radio is isolated from the steering wheel, the power train of the brakes of each system protected by its own encryption.
“In the last instance, as cars have become more connected, that makes it potentially create a bigger goal,” admits Mr. Moran, “and the hackers have always altered their techniques as technology changes.”
But, he argues: “The fact that we can give over-the-air updates is a security feature in itself because it gives us the ability to respond and make changes.”
Car manufacturers know that consumer trust is crucial, therefore, safety is paramount. The big question is whether they are cleverer than the hackers. Follow the Business Technology editor Matthew Wall at Twitter and Facebook
Click here for more Technology of Business