Experts: Automakers must evolve to combat hackers

Michael Martinez
The Detroit News

Livonia — Automakers need to upgrade their software infrastructure, hire better talent and collaborate with each other more to guard against hacking threats, experts said Tuesday.

Speaking at a privacy and cyber-security forum hosted by the Center for Automotive Research, speakers from the technology, automotive and security industries urged automakers to take more seriously the threat hackers pose. Computer-savvy thieves can infiltrate cars through everything from Bluetooth devices and remote key fobs to USB ports and smartphone apps, stealing VIN numbers, credit card numbers and other sensitive information shared between cars, phones and home wireless devices.

“As an industry, we cannot sit idly by and say it’s not going to happen,” said Andrew Brown, vice president and chief technologist for Delphi Automotive. “I think the industry has started to address this more aggressively.”

The need to guard against hacking has been around for years as cars have become more autonomous and as automakers rely more heavily on infotainment systems and other wireless services. But recent events have brought the issue to the front of the public’s mind.

Last week, a “60 Minutes” report showed a researcher with a laptop hacking into a new car — turning on windshield wipers, sounding the horn, deactivating brakes — as correspondent Lesley Stahl was unable to stop in a parking lot. That segment prompted a report commissioned by Ed Markey, D-Mass., saying vehicles are vulnerable to hacking through wireless networks, smartphones, infotainment systems like OnStar — even a malicious CD popped into a car stereo.

“All of these cars are hackable,” said Anuja Sonalker, lead scientist and program manager for Battelle, a research and development company that works in the automotive and cyber-security fields. “We understand hackers today are after the big-ticket items. Those are the scales they’re looking for.”

Hackers don’t care so much about being able to steal cars, Sonalker said, as they do accessing larger smart grids that cars connected to — banks, auto dealerships and other companies.

“Your car’s a springboard,” she said.

Praveen Narayanan, research manager for automotive and transportation at Frost & Sullivan, said Tuesday there are about 16 different access points on any given car that hackers can target. He said cyber-security costs can add as much as 5 percent to the cost of vehicles, so it’s making some companies more nervous about developing autonomous vehicles.

“There’s too many risks,” he said.

Tuesday’s speakers said many of the solutions to counteract cyber-security threats are already in place in sectors like aerospace and the defense industry, but the automotive industry has been slow to adopt them.

“Very simple programming standards are not being utilized,” said Brett Hillhouse, an engineering solutions executive at IBM. “There’s just a tremendous amount of lack of maturity in some of the software technology itself.”

Boeing jets, he said, use separate electrical systems so if one is breached, the hackers can’t access all of the plane’s other information.

Hillhouse said car companies need to rely more on hiring software engineers instead of focusing so much on old-school manufacturing positions.

“The environment for security software just isn’t understood by OEMs,” he said. “Yes, we need wind tunnels, but what level of effort is being put into best practices around software?”

(313) 222-2401