Why cyber security and software coding quality should be taken more seriously
July 30, 2018
Simon Walker, Chief Executive Officer, shares his opinion on cyber security and the quality of software coding with SC Magazine.
Developments in technology continue to revolutionise the automotive industry. As a result, the motor insurance sector is undergoing seismic change, fuelled by innovation in areas such as electric vehicles, driverless technology, connected vehicles and much more.
But this technology brings new challenges for manufacturers and insurers. Gone are the days when mechanical glitches were restricted to brake pads or suspension levels; with built-in sat navs, self-parking functions, and hands-free phone systems, faults in modern vehicles could be caused by one of a multitude of factors.
Martyn Thomas, Professor of Information Technology at Gresham College has issued stark warnings about the potential consequences of such technology, highlighting that radio, phone and other networks could all be hacked into. Other car technology to be cautious of includes powered handbrakes. If this software was hacked and the handbrake was applied suddenly when a vehicle was moving, it could result in a serious collision.
The key to safety
Despite these warnings, technology has continued to evolve rapidly. Along with new devices, other more traditional elements have changed with technology to become more at risk of being exploited than ever before. Take car keys for example. They now enable us to open our car doors before we’ve reached our vehicle and often simply having them somewhere in the car is enough to start the engine. But modern keys have enabled thieves to devise new ways of gaining access to our cars. In ‘relay attacks’, people use electronic signal relay devices, tricking the car’s system into thinking the keys are in the vehicle. The devices are sophisticated, working up to 30 metres away from the keys.
Luckily for drivers, a number of developers have released products to make vehicles less vulnerable to this type of exploitation. Signal blockers, for example, provide a place to store keys to avoid keyless theft. This is one of many products launched to counterbalance the rising threat of cyber-crime associated with vehicles, but there is more to be done.
Only last month, the Car Connectivity Consortium, which includes Apple and Samsung, announced plans to develop an app allowing users to unlock their car and start the engine using a phone. While the concept could have exciting implications for drivers, it raises important questions for insurers, should criminals access a vehicle using a lost or stolen phone.
BMW hits a bump in the road
News that a Chinese cyber-security lab identified 14 separate flaws in BMW’s car computer systems was a stark reminder recently that car manufacturers need to take cyber security and software coding seriously. Research from Tencent's Keen Security Lab identified ways that hackers could compromise the safety of cars. Plugging in infected USB sticks, connecting to Bluetooth and exploiting the vehicle’s 3G/4G data links were all identified as threats. While BMW is working quickly to fix these issues, the researchers have agreed to hold back on publishing their full findings until next year. While 14 separate faults may sound like a significant problem, in reality this may be the tip of the iceberg for the manufacturer.
In an unrelated study, it was found that data breaches take an average of 200 days to be detected, which means that there may be additional undetected vulnerabilities lurking in all connected cars, not just BMWs.
The news raises questions around the future of insurance and the rapidly changing nature of technology. At what point should risk be transferred from the driver to the manufacturer? Does the blame lie with the tech company behind the software? The task of establishing liability becomes much more complicated.
The road ahead
There’s certainly a level of irony that the qualities of modern cars which make drivers’ lives easier, are the very qualities which may be putting them at risk. As vehicle software coding systems evolve, hackers are simultaneously developing more sophisticated methods of gaining access. The consequences of exploiting these vulnerabilities could be serious, potentially putting drivers’ lives in danger.
The disproportionate focus on the future needs to be redressed. Too much emphasis has been placed on developing vehicle software, with little consideration or investment in cyber security. Competition between manufacturers is fierce, but safety should always be the number one priority. It’s not always an easy task, but manufacturers must strike the balance between ensuring safety without inhibiting innovation. The primary function of any vehicle is to provide a safe means of travelling, so it’s vital that modern additions don’t come at the cost of consumer safety. Technological software vulnerabilities should be addressed, both by manufacturers and insurers, before handing over the steering wheel to the public.