As is commonly said, with the advancement of technology, there comes greater risk, and the automobile industry is no exception. The emergence of smart cars with limitless possibilities has opened the doors to some serious threats for consumers. A new study from Michigan State University (MSU) has applied the criminal justice theory to smart vehicles and revealed cracks in the current system leading to potential cyber risks.
Thomas Holt, professor of criminal justice at MSU, said: "Automotive cybersecurity is an area we don't understand well in the social sciences. While there are groups of computer scientists and engineers digging into some of the issues, the social aspects are extremely relevant and under-examined. As the technology gets greater market share, it's critical to get ahead of the curve before there are issues we can't rein in."
Data threats from non-verified sites
Day by day it is becoming very easy for hackers to breach vehicle systems with the help of computers as smart cars are often connected to WiFi networks. A hacker can easily get backdoor access to data from both your phone and your car once your smartphone is connected through a USB port. People who use Google Android to download apps for non-verified sites are at greater risk of such data threats.
The study used a popular criminal justice framework and analysed the present forms of vehicle security. Based on the analysis, the research, published in the Journal of Crime and Justice applied Routine Activities Theory, provides recommendations for manufacturers and owners to improve safety.
Holt said: "The risk with vehicles isn't just personal data - though that is still a real concern. Say the car is compromised and a hacker alters certain alert systems that tell a driver when tire pressure is low or so the emergency brake sensory systems don't kick in. That could lead to loss of life."
Lack of presence of guardian
Holt said that there should be a motivated offender, a suitable target and a lack of guardian for a criminal to act. Though motivators and targets are clear, the vehicles fell short of the presence of a guardian, claimed Holt.
"Where we found holes was surprising: there's no one technically responsible for these vehicles' central computer systems," Holt said. "The automotive and equipment manufacturers need to recognize that as it stands, they serve as the guardians in the space, and the onus is on them. They need to take the lead in thinking more critically about data flows, software vendors and how to communicate securely with dealerships."
Holt said that if a piece of equipment fails in a traditional automobile, the problem can be fixed. But, cyber security is very different and is not a recoverable problem. "It's critical to think beyond thresholds and recalls because cybersecurity isn't a recoverable problem, but rather one that requires constant system patching updates, installations and new codes written. This is more complicated but needs to be an active guardian process," he added.
Regular update of system software
The study suggests that the guardians should consistently and actively update the software of the system to disrupt such security problems. "Not everyone updates their smartphones when they're supposed to, but customers need to realize that to a certain extent, manufacturers can only do so much. The customer must have a role in protecting their cars as well," Holt explained. "We can't expect every vehicle owner to go to a dealership every time there's a security update. But once the guardians find a way to make it more accessible, they'll be the ones responsible for protecting their vehicles - and themselves."
"We need to improve the presence of software guardians and better resources; we also need to think about developing policies to protect users, vehicles and customers. There are real benefits to smart cars and autonomous features, but we need to get ahead of the risks before those benefits are lost," Holt added.
