Cybersecurity experts urge automakers to take steps to stop hackers

DETROIT -- As vehicles become increasingly more connected to smartphones, infrastructure and other vehicles, it will become vital for all parties to collaborate and become informed on the risks associated with connectivity, a panel of four experts said at an event in Detroit.

Car hacking has so far been limited and controlled in scope, but more widespread and consequential hacks could become more common in the future if automakers and consumers are not prepared, the experts said Wednesday at the Automotive Press Association luncheon. Connected cars can provide hackers with a large amount of personal data available to exploit.

“There’s more reason for an attacker to come after your vehicle because you have tons of data,” said Anuja Sonalker, North American vice president of engineering for TowerSec, an automotive cybersecurity company.

“You have credit card information in your car, you have driver’s license information, your [Social Security number] is probably in your car, all your emergency contacts.”

Cybersecurity became a larger issue for automakers and regulators last year after researchers Charlie Miller and Chris Valasek were able to exploit a Jeep Cherokee’s infotainment system and take control of it remotely.

The recently launched Information Sharing and Analysis Center, which serves as a space of sorts to share cybersecurity-related information among automakers, is a promising first step toward creating a necessary collaborative environment, the experts said.

“It’s going to take a community to solve a problem,” Sonalker said.

Transparency and collaboration are key to cyberattack prevention, said Tom Winterhalter, supervisory special agent for the FBI Detroit Division’s Cyber Squad.

Said Winterhalter: “How is GM or how is Ford or how is FCA supposed to prepare for or prevent any of the intrusions against their vehicles if they’re not aware that somebody’s trying to penetrate GM or Ford or one of the other ones?”

Winterhalter said automakers must train and prepare their employees to recognize security concerns in order to prevent vehicle attacks and breaches on company data and information. He said companies must come forward to law enforcement and intelligence officials should there be any concerns.

“We always try to let them know that the only reason we found out about some of these risks and vulnerabilities is because somebody that was a victim came forward and announced that,” he said.

Attackers, whether they’re working for a criminal organization, a nation-state, a competitor or on their own, will always adapt to new technology and new security measures, Winterhalter said. Therefore, it’s important for automakers and consumers to stay vigilant.

“It’s never going to be enough,” he said. “No matter what you do, no matter how much you secure your home, there’s still going to be somebody that wants to break into it.”

The need for automakers and regulators to address security concerns will become increasingly important as autonomous vehicles hit the market in the future, Sonalker said.

“There’s more responsibility on this high-level of automation to not go wrong,” she said. “And if human-driven cars can be hacked, and we are behind the wheel and we freak out because we know what’s going on, can you imagine the situation when a driverless car is hacked and the machine can’t even take control back?”

Consumers should also be aware of the dangers that come with connecting their smartphones to their vehicles, Sonalker said.

“When you connect your phone to your car, if your phone can have malicious stuff in it, that can touch your car,” she said. “So, be aware. If you don’t need to connect your phone to your car, don’t do it.”