Daily BulletinDaily Bulletin

The Conversation

  • Written by Tanveer Zia, Associate Professor in Computing, Charles Sturt University
image

It’s common to hear modern cars referred to as computers on wheels. They boast sensors that measure fuel and braking, along with built-in navigation and infotainment systems. These digital systems could be hacked and Australia needs to preemptively tackle this threat.

Compromised vehicles present unique issues. Besides putting people at serious risk, these smart cars often hold personal and confidential data such as driving patterns and routes, as well as corporate data and geolocation logs. And as cars become autonomous, they’ll rely increasingly on code and connectivity, making them potentially more vulnerable.

Read More: Cyberspace aggression adds to North Korea’s threat to global security

In response to the danger of hacked cars, the UK Department for Transport recently issued cybersecurity principles for smart car manufacturers and retailers. The principles, which cover accountability and training among other concerns, aim to prevent “hacking and data theft”.

Australia should introduce similar guidelines.

Can cars be hacked?

These days, many smart cars tend to have electronic control units connected with sensors and wires, as well as with Bluetooth and wireless systems that allow it to get online.

There are several components in a smart car – such as GPS, Lidar (light detection and ranging), video cameras, radar sensors, and ultrasonic sensors – that communicate with its computer. A security breach of these components could provide hackers with a doorway.

In other words, many cars are now “cyber-physical” systems, and there have been plenty of hacking incidents so far.

In 2016, hackers showed how the Nissan Leaf could be hacked from anywhere in the world via mobile app and web browser.

In 2015, two cybersecurity researchers demonstrated a remote attack, taking control of a Jeep Cherokee and sending it off the road. The FBI later issued warnings about car hacking via remote exploits.

Hackers Remotely Kill a Jeep on the Highway—With Me in It.

Again in 2015, hackers exploited a vulnerability in BMW’s ConnectedDrive technology and showed how they could exploit it to unlock the cars.

In another similar attack in 2016, hackers remotely unlocked Volkswagens.

Cybersecurity guidelines for the smart car industry

Many countries are beginning to recognise that the car industry needs to meet cybersecurity standards.

In 2016, the US Department of Transportation introduced cybersecurity best practices for modern vehicles. They encourage companies to follow the National Institute of Standards and Technology’s cybersecurity framework: identify, protect, detect, respond, and recover.

The UK’s key principles promote car cybersecurity governance at the board level.

It also looks at risks specific to the supply chain and urges manufacturers to consider the security of car software and firmware, as well as ensuring secure data transfer and efficient response mechanisms if a breach occurs.

The European Union Agency for Network and Information Security also published Cybersecurity and Resilience of Smart Cars earlier this year, which provides a list of good recommendations. These include a focus on communication protection, access control, cryptography and user data protection.

Do Australian cars need cybersecurity rules?

With manufacturers introducing smart cars in Australia, it’s time for similar, enforceable guidelines to be introduced locally.

In smart cars, many components are not designed with security in mind. A car’s electronic control unit, for example, as well as its infotainment system and locks, may have strong access control. An electronic key, a passcode or biometrics are often used.

But what if an attacker took advantage of a vulnerability in a tyre pressure reporting system or sensor-fitted headlights and used it to gain control of the entire vehicle?

Read More: Cyber attacks ten years on: from disruption to disinformation

Any guidelines should address all of the car’s potential vulnerabilities – each piece of software running in a smart car should have its own security measures in place.

The guidelines must also address cybersecurity compliance, not just for manufacturers, but for repairers and parts suppliers as well. Compliance and audit control will ensure that all stakeholders in the supply chain follow the best security practices.

The guidelines should also ensure smart car manufacturers have patches and updates available for their customers as part of their continuing post-sale service.

Guideline compliance should also become part of a car’s annual registration renewal process to ensure everyone’s security and safety. As autonomous vehicles arrive Down Under, it’s time to get out ahead of the risk.

Authors: Tanveer Zia, Associate Professor in Computing, Charles Sturt University

Read more http://theconversation.com/australias-car-industry-needs-cybersecurity-rules-to-deal-with-the-hacking-threat-82268

Review: Warwick Thornton’s The Beach is a delicate conversation with Country

arrow_forward

The vaccine we're testing in Australia is based on a flu shot. Here's how it could work against coronavirus

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

$1.8 billion boost for local government

The Federal Liberal and Nationals Government will deliver a $1.8 billion boost for road and community projects through local governments across Australia.   The package of support will help lo...

Scott Morrison - avatar Scott Morrison

Scott Morrison press conference

PRIME MINISTER: This is a tough day for Australia, a very tough day. Almost 600,000 jobs have been lost, every one of them devastating for those Australians, for their families, for their commun...

Scott Morrison - avatar Scott Morrison

BOOST FOR BUSHFIRE RECOVERY

Local economic recovery plans will help towns and regions hit by bushfires get back on their feet as part of a new $650 million package of support from the Morrison Government.   As part of th...

Scott Morrison - avatar Scott Morrison

Business News

Office expert: Don't bring your staff back to work until you have done these things

With lockdown restrictions gradually being eased across the country, Australian workplaces are looking at the types of changes needed in order to meet new health and wellness requirements post-l...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

Major health and wellness brands sign-on to open at Yamanto Central

While COVID restrictions start to ease across the country, plans for Queensland’s newest shopping centre, Yamanto Central, ramp up. Due for completion in the first half of 2021, Yamanto Cent...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

How have live chatbots turned beneficial for online businesses?

Every business these days have come up with their online models. While some people still rely on the customer service representatives to handle the queries for their company around the clock through...

Paresh Patil - avatar Paresh Patil



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion