Your Cars Are at Security Risk, Warns Kaspersky

With the Internet of Things (IoT) becoming a steady reality, connected cars are already a reality while autonomous self-driven cars are right around the corner. With the automotive industry increasingly depending on technology, there are threats to be addressed and according to Kaspersky Labs, the threats are entirely likely, with vulnerabilities already present in modern day cars.

The threat is already here

“The car is built on the premise that the internal combustion engine is not accessible, which is not true. The threat to cars is already an issue,” said Alexandar Moiseev, Managing Director of Kaspersky Europe.

“You don’t need autonomous cars to be hacked,” was his damning statement.

Electronic over mechanical

Car manufacturers have increasingly adopted electronic control systems over mechanical in current-day modern cars and with this brings plenty of potential security risks.

“There have been a few security breaches in the car recently. The problem is that IT security was never involved into the design of the cars themselves,” noted Moiseev.

“It’s like living in a house with no roof and being worried about security. You can put bars on the windows, but that won’t help,” he added.

The risks

Two areas in a modern day car that are already open to hackers or attackers were highlighted by Moiseev, with them being:

  • Automated parking assist
  • In-car microphones with access to your conversations, infringing with driver privacy.

While these features are seemingly harmless on first glance, there are potent security risks with both features, taking into account the inherent vulnerabilities present.

“You have park assist, you press a button and it parks your car. It’s the ultimate proof of concept,” elaborated Moiseev.

“It is a piece of software that resides on the head unit, which is connected to different components. It can steer the wheel for you, it can use the breaks, it can use the throttle, it can lock the doors, and it can use the sensors. I don’t need anything else to drive the car, and this is a piece of software.”

“Is the head unit accessible? Yes, it is. This is accessible, people could change this software.”

Upon discussing the car’s integrated and in-built microphone system, he made an analogy, saying: “Imagine a mega VIP who visits rooms which are completely secured. He has tonnes of bodyguards, he is totally protected and everyone is interested in the data he knows, but then suddenly you can gain access to the microphone in his car.

“The real problem right now is that nobody can tell you for sure that those threats are not active.”

While this may sound dramatic, the reality is that such fears being realized are entirely within the realm of possibility.

Kaspersky is partnering with car manufacturers to assist and collaborate over cybersecurity issues with autonomous self-driven cars that are connected a soon-to-be reality in the coming years. For its part, Kaspersky isn’t pushing a car-centric security product for consumers just yet.

“Many of our competitors would say it’s stupid, because we could jump out with an immediate product right now to solve the problems, but for us, that’s not the goal – to be really short term,” Moiseev explained.

“If we release the product today, within an hour it will be obsolete, the speed of development of malware is so fast,” he concluded.