When hackers attack cars

From car hacking to key cloning,vehicles are increasingly prone to cyber attacks

Mr Lars Reger, chief technical officer of Dutch chip maker NXP, says there are solutions to prevent or minimise the risk of cyber attacks on car systems.
Mr Lars Reger, chief technical officer of Dutch chip maker NXP, says there are solutions to prevent or minimise the risk of cyber attacks on car systems. PHOTO: NXP

Hackers seizing control of a car remotely and sending it careening over a cliff or crashing into a foreign embassy may be the stuff of movies, but the threat is real.

In July, cybersecurity experts were able to gain control of a Jeep Cherokee's engine, steering and brakes as it was travelling on a highway, prompting a recall of 1.4 million vehicles. And in August, researchers were able to switch off an electric Tesla Model S remotely as it was moving.

The US National Highway Traffic Safety Administration now suspects that other cars are also vulnerable to cyber attacks.

But Mr Lars Reger, chief technical officer of Dutch chip maker NXP, says this development is to be expected.

As cars become more connected to the Internet, they naturally attract the attention of hackers, "just like when the first smartphones arrived in 2006", he says.

The good news is that there are solutions to prevent or minimise the risk of such attacks, he tells Life. And as simplistic as it sounds, it involves preventing unauthorised access to vehicle's systems.

"It's like a house," he says. "No one today will build a house without doors or without door locks. And of course, you have different types of door locks."

In cars, this means putting high-level data security into a car's telematics system - the system that "links" the car to the outside world, such as navigation, communications and infotainment.

"This is what NXP has been doing since 2008," says Mr Reger, adding that the level of security of "crypto controllers" (highly secured processor chips) embedded in its telematics systems are equivalent to those found in e-passports and banking cards.

He claims none of the hacking seen recently would have been possible with this encrypted system.

He adds that none of the crypto controllers in its banking or passport cards have been hacked either, even though the incentive to hack into these is much greater than hacking into a car.

NXP is also working with automotive firms and original equipment makers on securing the other systems in the car, "so that even if hackers can somehow gain access to the telematics system, they cannot freely roam about" to get into other control units.

This is vital because premium cars have up to 150 control units, he adds.

Next, cars in the future would be able to know that they are being hacked, so that they can alert the driver, who can then take appropriate actions.

"In a self-driving car, for example, it can perhaps tell the driver, 'I'm not feeling so well, please take over'," he says. "Today, a car can just tell you that its anti-lock braking system is failing - a warning light pops up on the dashboard."

Another level of security might be in a system that is able to check "the consistency of electronic messages".

"If my car's trailer hook control unit tells my car to open all the doors, I should be suspicious. Same thing on a plane, if the plane receives a message from a passenger seat, that should be prohibited immediately," Mr Reger says.

He adds that "software updates" - commonplace in computers and smartphones today - may be required for cars in the future to ensure that they remain safe against malware.

What about thieves who steal cars by cloning the electronic keys? In Britain, there are reports citing that nearly half of all cars stolen recently were through cloned keys, including those for premium cars such as BMW, Range Rover and Jaguar.

Mr Reger says: "Again, a lot of hacks were on outdated keys. You have to have the latest keys or have older keys updated.

"What you find is that some carmakers in the past were using systems that were 14, 15 years old in a new car."

NXP is also positioning itself as a leading supplier of systems used in autonomous vehicles. Mr Reger says that, however, a car that can be completely driverless in all situations is at least 10 years away.

But cars which can drive by themselves in an environment with few variables - such as highways - will be ready "in the next three years".

On highways, vehicles are moving in the same direction, and "there are no strollers, no toys flying around, no crazy parking and the like".

Already, high-end models from Mercedes-Benz and BMW have models that can "convoy" autonomously at up to 60kmh, but "traffic legislation still requires that drivers keep their hands on the steering wheel".

Urban environments, with so many variables, are more challenging.

Mr Reger says: "Last year, when Mercedes was testing its autonomous car, it got stuck at an intersection because there was an old lady who wanted to cross. The old lady decided to wait for the car to pass, but the car detected that there was a person who wanted to cross and waited. In the end, the driver had to intervene, and drove manually."

An autonomous car might go round a corner and come to a stop behind a delivery truck that had stopped to load and unload, "thinking" that there is a traffic jam.

Hence, Mr Reger reckons that for a start, there will probably be vehicles that are autonomous on highways and short well-mapped city routes.

But that, he says, will already be a boon because it makes long- distance commutes safer and less tiring. Unlike a human driver, an autonomous car does not lose concentration or drive erratically because the driver is upset, angry or distracted by the phone.

As such, traffic flow will become smoother, leading to more efficient use of infrastructure. Improved efficiency will also come from vehicles being able to follow one another in a tighter formation, leading to higher throughput.

"When one car brakes, the fifth car behind already knows it," Mr Reger says, as the vehicles are constantly "talking" to one another.

He disagrees that humans can react faster in an emergency. "If I see your brake lights lit up, it takes me one second to put my foot on the brake pedal. Before the brake pedal starts moving, a second is gone," he says.

But in an autonomous system, the brakes are always primed to take effect, and will do so within 350 milliseconds when the need arises.

The other hurdle to autonomous driving is societal acceptance. Mr Reger says radar-based adaptive cruise control has been around for more than 10 years now, but motorists are starting to accept it only now.

Yet, he reckons the younger generation is more comfortable and more willing to interface with machines.

"In four years time, my son, who's 14 now, will be asking me, 'Dad, you don't have a keyboard in your car, how shall I drive it?'," he says with a laugh.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on October 03, 2015, with the headline When hackers attack cars. Subscribe