Over the last few years, emerging mobility technologies from CAVs to e-scooters have become the targets of malicious hackers. CAVs, for example, are complicated machines with many different components, which opens up many avenues for attack. Hackers can reprogram key fobs and keyless ignition systems. Fleet management software used worldwide can be used to kill vehicle engines. CAV systems can be confused with things as simple a sticker on a stop sign. Even the diagnostic systems within a vehicle, which are required to be accessible, can be weaponized against a vehicle by way of a $10 piece of tech.
For mobility-as-a-service (“MaaS”) companies, the security of their networks and user accounts is also at threat. In 2015 a number of Uber accounts were found for sale on the “dark web,” and this year a similar market for Lime scooter accounts popped up. Hacking is not even required in some cases. Car2Go paused service in Chicago after 100 vehicles were stolen by people exploiting the company’s app (the company is now ending service in the city, though they say it’s for business reasons).
The wireless systems used for vehicle connectivity are also a target. On faction in the current battle over radio spectrum is pushing cellular technology, especially 5G tech as the future of vehicle-to-vehicle communication. While 5G is more secure than older wireless networks, it is not widespread in the U.S., leaving vulnerabilities. As some companies push for “over-the-air” updates, where vehicle software is wirelessly updated, unsecure wireless networks could lead to serious vehicle safety issues.
So what can be done to deal with these cybersecurity threats? For a start, there are standard-setting discussions underway, and there have been proposals for the government to step up cybersecurity regulation for vehicles. A California bill on the security of the “internet-of-things” could also influence vehicle security. Auto suppliers are putting cybersecurity into their development process. Government researchers, like those Argonne National Labs outside Chicago, are looking for vulnerabilities up and down the supply chain, including threats involving public car chargers. Given the ever-changing nature of cybersecurity threats, the real solution is “all of the above.” Laws and regulations can spark efforts, but they’ll likely never be able to keep up with evolving threats, meaning companies and researchers will always have to be watchful.
P.S. – Here is a good example of how cybersecurity threats are always changing. In 2018, security researchers were able to hack into a smartphone’s microphone and use it to steal user’s passwords, using the acoustic signature of the password. In other words, they could figure out your password by listening to you type it in.