• Commercial Transactions: Hackers could conduct unwanted or unauthorized transactions by accessing toll pass systems, VIN or other identification data, or mobile payment technology that is linked between the driver’s phone and vehicle.
• Operational Interference (Non-Safety): Remotely accessing and controlling vehicle systems such as electric seat controls or temperature controls.
• Operational Interference (Safety): Control or compromising of critical vehicle systems, including brakes, steering etc.
While vehicle hacking has been rare, all the above types of threats have been proven feasible in tests and demonstrations.
“There haven’t been a lot of malicious attacks so far,” says Tom Gage, CEO and managing director of Marconi Pacific. Gage chairs the ATIS Connected Car Cybersecurity Ad Hoc Group. “Hacking an individual vehicle is risky, but a larger risk is to a whole class of vehicles. If all Fords or Volvos were made vulnerable because of a software deficiency, for example.”
“The thing to watch is how hackers can make money from hacking cars,” says Jim McEachern, senior technology consultant at ATIS. “Ransomware or some version of that could be a possibility. Most of these attacks are motivated by making money.”
Cars also may be accidentally targeted. For example, connected medical devices sometimes are affected by malware because hackers are scanning for all ports looking for computers. A medical device or car that isn’t secure could be infected in a way that affects operational systems.
As cars become more connected, the pathways into the vehicle systems are increasing. Those include internal paths (via connections to personal mobile devices), connected to other vehicles, external wireless networks, satellite connections and cloud access connections.
Some of these connections are managed (such as those provided by wireless carriers or OEMs), while other are unmanaged (such as a connected personal tablet to the vehicle).