Car hacking: Being taken for a ride

which went on to offer tips to both drivers and manufacturers on keeping vehicle software up-to-date, keeping an eye out for recalls, being careful when making modifications to vehicle software and exercising discretion when connecting third-party devices to vehicles.

The number of cars connected to the internet worldwide will grow more than six-fold to 152 million by 2020, according to Capgemini’s 2015 cars online report. Technology giants like Google and Apple are aggressively experimenting with both software and hardware, in different ways like self-driving cars and Apple CarPlay. A December 2015 Accenture report estimated that connectivity will rise to 98 per cent by 2020 and by 2025, all new cars will be connected. Over the next 10 years, revenue from connected cars just in India is expected to top $8 billion, according to research analyst firm Visiongain’s January 2016 report.

“Over the years, advanced electronics have helped to cover more aspects of the cars beyond the engine management and functionality. Electronics are being used to provide higher levels of safety and convenience to the customers in line with their demands and the evolving regulations and norms,” a Maruti Suzuki India executive said. While such innovation is likely to improve the convenience of car users, it also makes them more vulnerable to cyber threats.

Global trend is a clear indicator of this. In July 2015, Fiat Chrysler recalled 1.4 million vehicles in the US to install software after a magazine report raised concerns about hacking, the first action of its kind for the auto industry. The Fiat recall came after a video by Wired magazine showed hackers remotely taking control of some functions of a 2014 Jeep Cherokee, including steering, transmission and brakes. General Motors also issued a security update for a smartphone app that could have allowed a hacker to take control of some functions of a plug-in hybrid electric Chevrolet Volt, like starting the engine and unlocking the doors.

Some Indian carmakers, however, feel that the limited electronic components that are used in Indian cars today are safe when it comes to cyber threats.”In Maruti Suzuki vehicles, audio and navigation system is not part of CAN (Controlled Area Network). Therefore, there is no possibility of hacking from an external site. While the service stations can access the operational parameters through a special tool, any re-writing/programming requires an even more secure authentication process and physical access. Microprocessors (which are used) are selected on the basis of functional requirements and reliability (including impregnability). Micon firmware and drivers are written in the protected area of micon memory, while application modules are written in open memory. This protected memory data can be written only with very special tools that requires physical access,” the Maruti Suzuki executive added.

Features like Bluetooth, wi-fi, cellular network connections and keyless entry systems are all potential vulnerabilities that hackers might exploit to gain a foothold onto a car’s network. A lot of high-end cars also have computerised steering and braking systems along with parking and lane assist programmes embedded in the system, these are all potential loopholes that a hacker might use to manipulate a car.

Last year, researchers from the University of South Carolina and Rutgers University were able to hack into tire pressure monitoring systems of a major car model. Using readily available equipment and free software, the researchers triggered warning lights and remotely tracked a vehicle through its unique monitoring system.

Researchers at the University of Washington and University of San Diego also created a programme that would hack into onboard computers to disable brakes and stop the engine. The researchers managed to get connected to onboard computers through ports for the car’s diagnostic system. However, experts from the auto industry feel that the hacking threat to cars, at least in India is still a few years away.

“The use of electronics in Indian cars has definitely increased in the last few years, but it’s still not much when compared to cars made in the US. Indian carmakers are yet to think about the hacking angle because the electronic content is so limited that it’s still early days when it comes to cybersecurity threats for Indian cars. We’re still 4-5 years away from such potential threats,” said Abdul Majeed, Partner, Price Waterhouse.

“The electronic components of Indian cars are still at a very nascent level compared to the cars in western economies. That’s a reason why most Indian manufacturers are not even thinking about making the cars more prone to hacking because, realistically speaking, at this point in time Indian cars are not that vulnerable to such threats,” said a senior official with another leading car manufacturer in India.