Motorists are unaware that cars have become hacking targets

As cars become more connected, the nature of threat will change.

Americans have short memories. Despite a number of prominent car-hacking developments in recent months, only 26 percent of respondents to a Kelley Blue Book survey could recall an instance of vehicle hacking over the past year. As automakers pour connected features into new cars, the findings released Tuesday suggest drivers are unaware of the potential risks.

Kelley Blue Book analysts say that percentage is a sharp decline in awareness from nearly six months ago, when cyber-security researchers remotely commandeered control of a Jeep Cherokee from halfway across the country. That rattled government leaders and brought the vulnerabilities of cars into the mainstream. The remote nature of that exploit made it a landmark case, and nearly three-quarters of Americans told KBB at the time they were aware of it, but the Jeep hack was only one of several hacks that occurred over the past year. Only last week, Nissan said it would disable a popular app used by Leaf drivers because researchers had found a way to manipulate certain vehicle functions through a security hole.

"More vehicle hacking entry points exist now than ever before," said Karl Brauer, senior analyst for Kelley Blue Book. "Cars are becoming more connected every day, which means vehicle hacking is almost inevitable."

"The question would be, 'Why would someone want to do that to your vehicle? Ninety-five percent of the adversary motivation is monetary." – Anujah Sonalker

By 2025, 81 million new connected cars will be sold each year across the world, according to global automotive forecasting firm SBD. Automakers and government officials are beginning to take cyber threats more seriously. Automakers started an Information Sharing and Analysis Center in December, and regulators from the National Highway Traffic Safety Administration have indicated they'll address the subject in the near future.

They're still behind. Since researchers from California-San Diego and the University of Washington first demonstrated that cars were susceptible to hacking back in 2010, dozens of automotive vulnerabilities have been discovered, mostly by independent researchers. The auto industry largely ignored their work – and when car companies could no longer do so, they tried to have third-party research silenced. But within the last year, several automakers have named cyber-security chiefs and named them to senior-level positions.

Remote Exploitation Of An Unaltered Passenger Vehicle At The Black Hat Conference

Connectivity brings a new dimension of complexity to the car-hacking problem, says Anujah Sonalker, vice president of engineering and operations at TowerSec, an automotive cyber-security firm.

"Connectivity is a game-changer," she said. "It's a humongous software challenge by itself, and you add to that a connection to your car or home network or CarPlay, and these have led to a massive influx of new technologies that they auto industry doesn't completely understand."

"Cars are becoming more connected every day, which means vehicle hacking is almost inevitable." – Karl Brauer

Hacking that involves the physical manipulation of vehicle controls has been the subject of much early research – and grabbed its share of headlines – but the nature of car hacking may soon change. Commandeering control of a vehicle can take months of planning with little financial payoff. Now that motorists are connecting their cell phones to cars, hackers may target financial information hoping for a monetary reward.

"It's possible to do bodily harm or show that it's possible to attack a vehicle without physically touching it, so the question would be, 'Why would someone want to do that to your vehicle? Ninety-five percent of the adversary motivation is monetary," Sonalker said. "... You have credit-card information on your car or phone, drivers-license information, emergency contacts. Now that monetization becomes more apparent."

If it's apparent in the security world, the connection and concern is not apparent to drivers. More than two-thirds of consumers told Kelley Blue Book that car manufacturers should be partially responsible for protecting them from vulnerabilities, even if a car is hacked through a mobile phone's software or applications. Only 13 percent of consumers said they wouldn't use Android Auto or CarPlay if it increased the potential for their vehicle to be hacked.

Kelley Blue Book analysts presented their findings at the RSA Conference in San Francisco on Tuesday.

Related Video:

Share This Photo X