Consumer Watchdog Warns of Mass Hacker Attacks on Connected Vehicles

The benefits of Internet-connected vehicles – namely, communications and convenience – are marketed widely. In the wrong set of circumstances, however, too much connectivity can be a bad thing. The advocacy group Consumer Watchdog has been warning the auto industry that modern non-self-driving cars and their susceptibility to hacking could present dangers to drivers, even a “mass casualty” situation likened to the terrorist attacks of September 11, 2001.

Now, Consumer Watchdog has released a report entitled “Kill Switch” that describes the vulnerabilities present in connected cars, and how an inexpensive piece of technology that instantly disconnects the car from the Internet could save lives. The report notes that while self-driving or autonomous vehicles are years or decades away, 17 million new cars are deployed on American roads each year in which the mechanisms that control the vehicle’s movement—accelerating, steering and braking—could be deliberately overridden by computers and software.

“This computerization has been accompanied by a growing trend of connecting cars to wide-area communications networks—making them part of the Internet of Things (IoT),” according to the report. “This is a dangerous combination, as it creates the potential for hackers to take control of vehicles remotely. Unlike other ‘connected’ technologies in which hackers can only steal information or money, hacked cars have the potential to cause property damage and deaths.”

Consumer Watchdog notes that the military and aerospace industries understand the dangers of connection to the Internet well and deploy a series of safeguards to protect military vehicles and airplanes. The auto industry, it says, has yet to take the risks seriously and continues to put profits before consumer safety. By 2022, according to the group, one third of vehicles on American roads will be Internet-connected.

Most connected cars, according to the report, share the same vulnerability.

“The head unit (sometimes called the infotainment system) is connected to the Internet through a cellular connection and also to the vehicle’s CAN (Controller Area Network) buses,” according to the report. “This technology dating to the 1980s links the vehicle’s most critical systems, such as the engine and the brakes.”

A coordinated hacker attack could disable critical systems in multiple vehicles all at the same time, causing a high number of accidents and fatalities and overloading critical emergency services beyond their capacity to respond. To protect drivers, passengers and pedestrians, the report notes, vehicle manufacturers should be installing inexpensive “kill switches” in every connected vehicle, allowing consumers to physically disconnect their cars from the Internet and other wide-area networks in the event of a cyberattack.