While indulging my interest in the new Audi R8 (completely speculatively of course I wish I could own one!) I was distracted and amazed by the mass of electronic systems involved in a car of that range. ABS, Stability Control, Fly by Wire throttle, Sat Nav to name just a few. All of these electronic systems are controlled by software somewhere in the car’s brain and are responsible for keeping you safe, keeping you going in the right direction and helping you control your exotic sports car.
Snapping myself out of this dream and putting my work hat back on. What is protecting these systems from the kind of vulnerabilities that your office systems have to face. Malware, unauthorised control and even simply mis-configuration . We are if nothing else trusting our very expensive cars in the hands of all this technology.
Toyota’s software bug that affected the braking system on the Prius demonstrates the problem. Software can only perform as well as it is programmed and as seen in the thousands of malware attacks, it can be affected to perform differently or to stop performing all together.
What is to stop someone loading malware into your car via say the Bluetooth connection between it and a phone, and in doing so affecting a system such as the brakes? (That is not to mention cars now being connected to the free world of the internet).
This is not an issue unique to cars, Hugo Teso a security consultant from German company n.runs recently demonstrated how he could take control of an aeroplanes auto-pilot system using his smart phone. The issue is that all these systems are interconnected, meaning that an easy access unsecured data route such as your Sat-Nav GPS or phones Bluetooth can allow access to other critical areas within your vehicles system.
Transport providers are going to have to take the cyber threat seriously and get up to speed with modern IT security principles. They can no longer claim to be disconnected from outsider threats and have to secure their data entry points and separate the internal systems to reduce the effect of any malicious data.