As more carmakers adopt “over the air (OTA)” software updates for their increasingly connected and autonomous cars, is the risk of hacker hijack also increasing?
Imagine jumping in your car but being taken somewhere you didn’t want to go – into oncoming traffic, say, or even over a cliff.
That may seem like an extreme scenario, but the danger is real.
And earlier this year, Tesla boss Elon Musk warned about the dangers of hackers potentially taking control of thousands of driverless cars.
“I think one of the biggest concerns for autonomous vehicles is somebody achieving a fleet-wide hack,” he said, speaking at a National Governors Association meeting.
“In principle, if someone was able to… hack all the autonomous Teslas, they could say – I mean just as a prank – they could say ‘send them all to Rhode Island’ – across the United States.
“And that would be the end of Tesla, and there would be a lot of angry people in Rhode Island.”
Mr Musk insists that a kill switch “that no amount of software can override” would “ensure that you gain control of the vehicle and cut the link to the servers”, thus preventing the Rhode Island scenario.
As cars become more sophisticated, incorporating semi-autonomous features such as lane keeping, automatic braking and self parking, and their “infotainment” systems are connected to the internet, the amount of software code needed to control these systems is ballooning.
Keeping all these software programs updated has typically required drivers to visit the dealership.
“For automakers and their customers alike, such repair-shop visits are a huge waste of time and money, and online updates can significantly reduce this,” explains Dr Markus Heyn, board member of automotive electronics and processing supplier, Bosch.
So OTA updates give manufacturers the ability to respond quickly as problems arise. And fixing bugs this way is safer than sending out physical USB sticks – which is what Chrysler did to patch its Jeep.
Critics pointed out that criminals could have intercepted the USB sticks and sent out their own malware-infected versions instead.
It’s hardly surprising then that there are strong moves in the industry towards OTA updates, which mean that new features can be added, and bugs patched, in just an hour or two, all without inconvenience to the owner.
General Motors, for example, says it expects to be updating engine software using its OnStar network by the end of this decade, thanks to a new electrical architecture for its vehicles.
Meanwhile, Bosch is planning to start offering OTA updates through control units and in-car communication infrastructure developed in-house, distributing the updates via its “internet of things” (IoT) cloud.
Research consultancy IHS Markit estimates that by 2022, 160 million vehicles globally will have the capability to upgrade their onboard computer systems over the air.
Electric carmaker Tesla recently demonstrated the benefits of OTA updates when Hurricane Irma was threatening Florida early in September.
As people were warned they should evacuate, Tesla owners were given an unexpected and potentially life-saving freebie – an extra 45 miles of range.
The ability to go further without a recharge was already built into the cars, but was unavailable to drivers until the company unlocked extra battery capacity.
“We have a certain number of cars which we sell at a 60kW [kilowatt] price point, but for reasons of manufacturing efficiency we install a 75kW battery, which people can upgrade,” a spokeswoman explains.
“A customer wrote to us and asked if it would be possible to increase it temporarily as they were planning their route out of Florida.”
Tesla unlocked the extra power by sending an OTA update to the cars via wi-fi or 4G.
But there’s no doubt that OTA updates present a new set of risks.
For a start, we’ve all, at one time or another, attempted to update the software on our computer or phone, only for the process to go wrong.
An unusable car could be rather more of a problem than a “bricked” – or unusable – phone.
More Technology of Business
In 2015, 15% of car recalls in the US were related to software errors, up from 5% four years before.
When an update fails, says the Tesla spokeswoman, it’s automatically re-sent, but this doesn’t always have the desired effect.
On one occasion early last year, a Tesla software update designed to add an “autopilot” feature is believed to have affected the climate control of thousands of vehicles.
Then there is the risk of “man-in-the-middle” attacks – hackers intercepting the updates in transit.
This is why extra special care is taken over OTA updates, says Robert Moran, an expert in car connectivity and security at NXP Semiconductors.
“There are checks at each stage of the update process,” he says. “Updated software coming over the air is going to be received in parallel.
“Only once it’s passed a number of security checks – Does it have validation? Is it from a trusted source? – is the new software actually used.
“It’s at a different level to what we have with laptops today.”
Manufacturers are also addressing the hacker threat by isolating the various systems in the car so that, for example, the radio is isolated from the steering wheel, the powertrain from the brakes – each system protected by its own encryption.
“Ultimately, as cars have become more connected, it does potentially create a bigger target,” admits Mr Moran, “and hackers have always altered their techniques as technology changes.”
But, he argues: “The fact that we can provide over-the-air updates is a security feature in itself, as it gives us the ability to respond and make changes.”
Carmakers know that consumer trust is crucial, so security it paramount. The big question is whether they are cleverer than the hackers.