Rogue hackers and hostile states could 'kill millions' using hijacked cars
"Any nation with the ability to launch a cyber-strike could kill millions of civilians."
Rogue hackers or hostile states could "kill millions" using hijacked cars, and a spike in road deaths is inevitable if manufacturers do not rush to solve cybersecurity issues, an expert has warned.
Justin Cappos, professor in the Computer Science and Engineering department at New York University, told The Times that car hacking should be considered a national security issue and claimed any car built since 2005 could be "remotely" accessed by cybercriminals.
"If there was a war or escalation with a country with strong cyber capability, I would be very afraid of hacking of vehicles," he was quoted as saying in an article published Monday (20 November).
He added: "Many of our enemies are nuclear powers but any nation with the ability to launch a cyber-strike could kill millions of civilians by hacking cars. It's daunting."
Cappos claimed that once in a vehicle's internal computer network, hackers would be able to tamper with key functions – including the braking system, power steering and locking mechanisms.
"Components in cars are not good at understanding where messages come from and whether they are authentic," he asserted. Currently, there are roughly 9m WiFi-connected cars in the UK.
In 2015, the issue of car hacking hit the headlines after two security experts – Charlie Millier and Chris Valasek – showed there were a series of shocking bugs in Chrysler's Jeep Cherokee. They were able to take control of the car's dashboard, locks, brakes and windscreen wipers.
The research resulted in Fiat being forced to recall 1.4 million vehicles in the US for updates.
Now, industry bodies say work is already well underway to help prevent major hacks from taking place. "Billions are invested to stay ahead of criminals and new cars have never been more secure," a spokesperson for the UK's Society of Motor Manufacturers and Traders said.
Some high-profile experts in cybersecurity and policing have also blasted Cappos's comments.
Rob Wainwright, the executive director of Europol, tweeted Monday: "Cybersecurity is clearly a big issue but it's unlikely to be taken seriously by sensationalist comments like this."
Nevertheless, it is clear that car hacking – even if not on the scale Cappos suggests – is an issue. In recent years, multiple road vehicles have been found to be susceptible to cyberattacks.
In August last year, two UK-based computer experts at the University of Birmingham found that more than 100 million cars sold by Volkswagen since 1995 had security flaws in their keyless entry systems. The flaws could let criminals intercept signals sent via fobs to unlock cars.
Months prior, in March 2016, an investigative report produced by International Data Corporation (IDC) and commissioned by security firm Veracode found that it could be years before adequate cybersecurity protections are put in place.
"The industry is just beginning to debate cybersecurity issues surrounding connected cars," the report found. "Manufacturers [said] that it will be one to three years before connected car systems are implemented with full consideration of such concerns.
"The question for manufacturers is whether this is realistically feasible given the challenges ahead and the rate at which applications are being developed today."