21st century car thieves could switch from car jackings to car hackings

Advanced car electronics could be vulnerable to cyber hacking.

The availability of in-car technologies is growing at a phenomenal rate, but some experts are concerned that the wide-spread adoption of advanced electronic components could leave vehicles susceptible to cyber hacking.

Although vehicle hacking might sound like the something out of the next sci-fi thriller, it's actually a lot more possible today than most drivers might think. In fact, two scientists from the University of California-San Diego and the University of Washington were recently able to hack into a vehicle's safety systems via its infotainment system.

"There clearly is a vulnerability," Adrian Lund, president of the Insurance Institute for Highway Safety, told The Detroit News. "All these electronics we're bringing into cars seem to exacerbate that."

Infotainment systems like navigation and Bluetooth are intended to be completely separate from safety systems, but a National Academy of Sciences panel recently warned that "it is not evident that this separation has been adequately designed for cybersecurity concerns."

Experts aren't concerned that hackers might remotely drive a car off a cliff, but rather gain access to electronics that could unlock or start a vehicle. However, key vehicle components like brakes and throttles are now controlled by computers, so it's possible those systems could be compromised.

"Once you have access through the infotainment system, the question is could a hacker get access to the safety-critical components," Andre Weimerskirch, chief executive officer of security company Escrypt, said.

No easy solutions
Although creating standards for things like seat belts and airbags is fairly straightforward, coming up with a single standard for cybersecurity isn't so easy. Electronics vary greatly from automaker to automaker, and altering current systems can be costly. Automakers are working closely with government agencies to come up with a solution, but specific performance minimums remain difficult to pin down.

Moreover, the National Highway Traffic Safety Administration, the body that oversees vehicle safety, is ill-equipped to test cybersecurity systems. As Toyota's recent issues with unintended acceleration revealed, the NHTSA simply doesn't have the personnel or knowledge to deal with today's advanced vehicle electronic systems.