Integrating cutting-edge computer systems into cars was inevitable. Since their conception, automobiles have been at the forefront of technological innovation and change. Over the last few decades, the ever-shrinking size of microprocessors has enabled automakers to integrate computers into many different automobile systems, allowing a new level of diagnostic ability and control over cars’ various features.
However, all of that added functionality comes at a cost. We all know how unpredictable and finicky software can be, and adding computers to cars simply adds another component which can break. To make matters worse, a recent analysis by a leading cybersecurity lab has revealed that the onboard computer systems in many BMW vehicles are particularly vulnerable to intrusions and attacks by hackers. Could this problem be more widespread than we realize?
Tencent’s Keen Security lab tested various BMW models produced between January 2017 and February 2018 and found that between the i Series, X1 sDrive, 5 Series, and 7 Series models, there are 14 distinct vulnerabilities which could pose a threat to connected cars. Out of the 14 vulnerabilities, five could be accessed using a mobile internet connection alone regardless of proximity to the vehicle.
Using those vulnerabilities, researchers were able to access the vehicles’ infotainment systems and CAN buses, the connections between all of the vehicles’ functions. That gave researchers the ability to tamper with the vehicles’ diagnostic functions, opening up a wide range of ways to sabotage the cars.
The research was carried out with funding from and cooperation with BMW in an attempt to discover and identify “presently unknown attack scenarios” and develop cybersecurity solutions for them.
Could we be witnessing the beginning in a new area of automobile sabotage? The problem is definitely in no way confined to BMW alone, and will only get worse as automated vehicles become ubiquitous. Think of the damage a hacker could do by taking down the critical infrastructure or sensor networks which allow autonomous vehicles to operate safely. Do we really want our cars to be connected to the Web with all of its threats and dangers?