Consumer Watchdog, a non-profit progressive organization and consumer advocate, has called for “kill switches” to be installed as standard in vehicles so all vehicular connectivity could be stopped at once in the event of an attack, writes Enterprise IoT Insights’ James Blackman. The organization requested this move be made in light of its new report “Kill Switch: Why connected cars can be killing machines and how to turn them off” that stated a coordinated cyber attack on connected cars in the U.S. could have a similar impact as the 9/11 terrorist attacks did in 2001. Consumer Watchdog’s report noted such an attack could cause thousands of deaths and hurt national infrastructure.
The organization said it believes auto manufacturers are putting profit ahead of safety and security, and has asked lawmakers to intervene if car markers and telecom companies don’t have solutions to secure connected vehicles by the end of this year.
“Using smartphone technology in cars – technology that was never designed to protect safety-critical systems – is a recipe for disaster,” the report said. “A plausible scenario involving a fleet-wide hack during rush hour in major US metropolitan areas could result in approximately 3,000 fatalities, the same death toll as the 9/11 attack.”
According to the report, it would be possible for someone to hack connected vehicles at once, through the cellular-connected head unit. “A hacker with only modest resources could launch a massive attack, potentially causing thousands of fatalities,” the report says. Meanwhile, expert hackers interviewed for the report noted that with enough time and money they could hack a fleet of connected cars.
The aforementioned head unit is connected to the vehicle’s CAN (controller area network) buses, which link to critical vehicle systems like the engine and brakes.
“Connecting safety-critical components to the Internet through a complex information and entertainment device is a security flaw. This design allows hackers to control a vehicle’s operations and take it over from across the Internet,” the report said. “Software design practices that result in frequent hacks of everything from consumer electronics to financial systems cannot be trusted in cars, which can endanger not only the lives of their occupants, but also pedestrians and everyone else on the road.”
Consumer Watchdog has been working with the auto and technology industries for five months to examine the risk of attacks on connected vehicles, Blackman writes. According to the organization, more than half of the vehicles in the U.S. will be Internet-connected by the end of 2019 and two-thirds will be connected by 2022.
“Seventeen million new cars are deployed on American roads each year in which the mechanisms that control movement – accelerating, steering, and braking – can be overridden by computers and software,” the report said. “This has been accompanied by a growing trend of connecting cars to wide-area communications networks, making them part of the Internet of Things.
“To protect the public, car makers should install 50-cent ‘kill switches’ in every vehicle, allowing consumers to physically disconnect their cars from the Internet and other wide-area networks. Otherwise, if a 9/11-like cyber-attack on our cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely. Mandatory ‘kill switches’ would solve that problem.”