Engineers and computer experts say attack is likely within the year; in-car wi-fi, telematics and self-driving functions most likely targets.
A damming report on car cyber security claims in-car technology like wi-fi, Bluetooth, self-driving systems and telematics equipment are open to hacking, and that car makers and suppliers are not doing enough to prevent possible electronic attacks.
The report is based on a survey of 593 IT practitioners and engineers working in the automotive industry, and highlights a number of significant concerns from these professionals.
Among the issues raised by the report are:
- 62 per cent of IT and engineering professionals think an attack on their company’s products is likely within the next year
- 52 per cent say they are aware of potential harm to drivers or vehicles due to “insecure automotive technologies”
- 62 per cent say their company does not have sufficient cyber security skills in product development
The companies of those responding to the survey only have an average of nine full-time employees in their cyber security management programs, while 30 per cent of respondents said their company had no product cyber security program or team whatsoever.
The products those surveyed consider most likely to be hacked are:
- RF systems such as wi-fi and Bluetooth (63 per cent say most at risk)
- Telematics systems that log speed and location data (60 per cent say most at risk)
- Self-driving systems and vehicles (58 per cent say most at risk)
News IT and engineering professionals are concerned about the security of self-driving systems may raise particular concerns, coming on the same day the Department for Transport announced it plans to update road laws to allow totally driverless trials to take place in the UK.
The report comes from Californian software company Synopsys, and SAE International (Society of Automotive Engineers), a US-based engineering standards organisation. Synopsys is on the edge of internet security and more recently identified a local privilege escalation vulnerability in Kaspersky VPN software.
Those surveyed for the report say the pressure to meet deadlines and a lack of understanding related to coding practices are the most significant reasons for software vulnerabilities to be present in automotive software and technologies. Some 69 per cent of respondents said they did not feel able to raise concerns with senior staff in their companies.
The report’s authors call “the automotive industry’s complex and disparate supply chain” a “major culprit” in causing security-related issues, while those working in third-party suppliers being twice as likely to say their company does not have an established cyber security team.
Commenting on the report, Mike Hawes, chief executive of the Society of Motor Manufacturers and Traders, called cyber security “a priority for the automotive industry” and said car makers are “investing significantly in new features to help keep cars safe.”
Hawes added that the industry “is working closely with government and security agencies and is developing new guidance to help vehicle engineers design safeguards to make current and future generations of connected cars resilient to cyber attack.”