It’s 2020 and, as you start your premium family vehicle for the morning commute, something is wrong. The 20in touchscreen is dead. Suddenly it flickers into life but instead of the usual map there’s a message: “Your car’s computer has been locked. We control your data, brakes and steering. To unlock your computer you’re obliged to pay a fine of $200”.
“It may sound like fantasy but this could happen,” says Alex Moiseev, managing director of the European arm of software security specialist Kaspersky Lab, as he sits in his high-tech London office. “It happens with desk computers now. It’s just a question of time before the bad guys move into your car, too.”
Moiseev should know. Kaspersky is contracted by Ferrari F1 which, at each race, relies on hundreds of sensors to provide thousands of data points in real-time — monitoring tyre pressure, fuel burn efficiency, brake force and so on — that are wired to laptops scrutinised by race engineers. It’s Moiseev’s job to ensure not a single kilobyte of top-secret data is infiltrated.
Although F1 connectivity gives engineers a competitive edge, the introduction of so much wireless data has created a minefield, too, potentially jeopardising production-line security, the company’s internet provider and even the driver’s safety.
On any race weekend, says Moiseev, there’s a notable increase in malware traffic, so protecting systems and data has never been more important, especially as, in common with other manufacturers, today’s race car wizardry is tomorrow’s road-car driver safety aid.
The shocking ease with which a car’s computers can be hijacked was graphically illustrated last year when US hackers remotely took control of a Chrysler Jeep’s core functions — including brakes, wipers steering and transmission — during a dramatic filmed stunt.
It’s the very scenario that rival software security firm SQS is now hired by leading motor manufacturers to prevent. To date, says Stephen Morrow, its head of security services, cybercrime has resulted largely in legal exposure and asset theft for firms such as online shopping giant Home Depot and Sony Pictures Entertainment, which suffered major hacks last year. Soon, Morrow predicts, attacks will move into the automotive arena, with potentially catastrophic results.
“Nobody is getting hurt yet, but as we start putting software in cars that are connected by internet, we are getting to the point where computer security intersects with public safety and human life. This is where things get much more serious,” he says. “Recent stunt hacks demonstrate that these vulnerabilities affect safety.
Manufacturers need to get on top of things and take security much more seriously.”
Moiseev says the global motor industry got off to a very slow start. “It did not take cybercrime seriously enough — until recently,” he says. “For years automotive firms bought open-source software to run the 40-60 computers now controlling functions in the average car. Who vetted the people who wrote the codes? What bugs already lie dormant in our vehicles, waiting to be manipulated?”
Fortunately for motorists, the fightback has begun. Moiseev painstakingly created a Ferrari race simulator complete with pitwall at Kaspersky Lab’s London HQ which, when driven, is searingly lifelike. Technicians use it to attack-test Ferrari’s telematics, seeking — and remedying — weak points to keep race and road cars safe.
In a closely guarded backroom — spurred by a monitor dramatically identifying real-time global cyber threats — technicians write new, bulletproof, codes for clients’ in-car computers.
Asked if it was doing enough to protect drivers’ safety, the UK’s Society of Motor Manufacturers and Traders said: “Vehicle manufacturers are investing billions to make cars safer and more intelligent. Data security is paramount to the automotive industry. Manufacturers are striving to stay one step ahead of organised criminals and monitor for potential breaches.”
Auto cybercrime has also become a hot topic at security conferences where experts, meeting in locations including Michigan, Detroit, San Francisco, Detroit and Shanghai in the past year, exchange intelligence.
The SMMT says more than half of new cars registered in the UK in 2015 had safety-enhancing collision warning systems, with other technologies such as adaptive cruise control, autonomous emergency braking and blind-spot monitoring surging in popularity.