Thirty-one years ago Stephen King wrote a novel about a possessed automobile. Christine wasn’t science fiction – it was a horror story.
But today, science has made a Christine-like scenario possible. A car may not have a will of its own (yet – more about that in a later entry), but it is entirely possible that malevolent forces could wrest control of a vehicle from its driver, with potentially lethal results.
Through a car’s diagnostic port, a car hacker can gain complete control over basic car functions like steering, braking, radio playback, climate control and door locks.
According to security firm Trend Micro:
Successfully executing a technically demanding car hack has become a badge of distinction for the few cyber criminals skilled enough to hijack a vehicle using only a laptop.
As a result, automobiles “should be regarded as potentially hackable assets that, if compromised, could result in actual loss of life,” according to the company.
In the future, cyber criminals may have more – and possibly more vulnerable – access points. Google and Apple are racing to more fully integrate their competing operating systems, Andriod and iOS, in cars. In Google’s vision, the car itself becomes “a connected Android device” – presumably with all the same vulnerabilities of a smartphone or tablet.
While basic risk management practices call for separation between the infotainment and vehicle-centric safety systems, the trend is towards greater integration at certain levels. At some point in the near future, drivers are likely to have access to not only smartphone-like functions, but also through the same “wearable” device such as Google Glass, information about the vehicle’s performance, the external driving environment and even the driver’s physical and mental status.
In the end, Christine was defeated by being fed through a car crusher. With proper security measures, modern day auto owners shouldn’t have to resort to such drastic measures to eliminate the threat of car hacking.
Security solutions are now being incorporated in vehicles from the earliest stages of design and production. Fleet owners should treat vehicles like other hackable devices in their organizations, with at least equal attention paid to security.
Risk managers should work with their broker to assure their organization’s insurance program will respond appropriately to a cyber event affecting a vehicle. Presumably, bodily injury and property damage claims would be covered by an auto liability policy, but insurance buyers should never take coverage for granted in the cyber realm.
