Increasing electric vehicles sales fuel cyber concerns
Environmental considerations are influencing trends on the vehicle market as a significant shift towards electric vehicles seems to be materialising. According to an Irish Times article on 4 January 2022, data from Society of the Irish Motor Industry shows the number of electric cars registered for the first time more than doubled last year, comprising nearly one-fifth of all new registrations.
On 11 January, BreakingNews.ie reported that according to initial registration figures for the first 10 days of the year, hybrids are now the most popular new cars on the Irish market, outselling either petrol or diesel models, which they claim reflects a dramatic change in the Irish market, which was previously dominated by diesel.
The Irish Independent on 16 January reported the words of Fáilte Ireland, the state tourism agency, that “it is looking to the Government’s ambitious plans for a substantial increase in the number of electric vehicles on our roads by 2030”.
But while this is meant to have a positive impact on the environment, it raises new concerns regarding cybersecurity. New cars are increasingly becoming networked computers with an engine attached, so imagine a scenario of ransomware infecting cars, locking them down and demanding payment to make them usable again.
Back in 2014, Tesla’s Model S had been hacked to make the doors and sunroof open while the car is in motion, and the researchers behind the attack were able to control the systems remotely. Two years later a team of researchers was able to hack the controls of a Tesla Model S from a distance of 12 miles, adjusting the mirrors, locks and even slamming on the brakes. To alleviate concerns, in 2019 the company offered $1 million and a free car for anyone who can hack a Tesla Model 3.
While manufacturers are working on better firewalls now to keep these computers all protected, there are currently millions of cars on the road (basically all of them) that hackers can try to exploit and millions more will be coming before adequate security integration is truly implemented. As far back as January 2016, the auto industry has published its first set of cybersecurity best practices, intended to combat rising and future threats facing the connected car.
But even when a vulnerability is found, manufacturers will have to target millions of vehicles, that have no effective way of being updated, since it’s uncertain who would heed the warning and take it to the dealer for a fix. Imagine the frequency of Windows security updates, combined with vehicle model recalls over some faulty part.
As we learned with PCs decades ago, mashing up technologies in a rush to market invites maliciousness, and as automotive technologies are forced to start focusing on security as well, governing bodies and manufacturers need to plan ahead, to ensure an interoperability across standards that will make them usable for a variety of platforms.
T: 053 914 6600
E: info@eset.ie
W: www.eset.ie