Hackers could take over driverless cars to launch terrorist attacks, tech experts warn

20 Nov, 2017 19:21 / Updated 7 years ago

Nine million cars in the United Kingdom are connected to wi-fi and linked by small computers that control systems such as brakes or power steering. These miniature computers communicate with each other to control the car, so what would happen if a hacker took control?

As driverless cars begin to hit the road, one of the world’s experts in vehicle software has issued a grim warning: deaths will be inevitable in as little as five years if car manufacturers don’t do something to patch up the vulnerabilities in the technology.

Carsten Maple, University of Warwick professor of cyber engineering, said terrorists could take control of cars and use them as weapons.

“We’ve already seen vehicles used with devastating effect as weapons,” he said. “Cybersecurity researchers and industry must ensure that systems are engineered to stop new attacks. This requires us to think as an attacker would, rather than an engineer.”

In June, two separate terrorist attackers used motor vehicles in London to mow down members of the public in the name of an extremist cause. Eight people died and 48 were injured in the London Bridge attacks and one person was killed when a rented van was driven into a group of worshipers outside a mosque in Finsbury Park, north London.

Soon, terrorists could turn to hacking to weaponize cars. New York University computer scientist Justin Cappos wants computing systems in motor vehicles treated as an “urgent” national security issue.

“If there was a war or escalation with a country with strong cyber-capability, I would be very afraid of hacking of vehicles. Many of our enemies are nuclear powers, but any nation with the ability to launch a cyberstrike could kill millions of civilians by hacking cars. It’s daunting,” he said.

Cappos wants the government to make software updates mandatory, or lives may be at risk.

“Once in, hackers can send messages to the brakes and shut off the power steering and lock people in the car and do other things that you wouldn’t want to happen,” he added.
SQS Group advises businesses on software protection and digital transformation. Their principal security consultant, Stephen Morrow, believes that regulation is essential.
“Manufacturers must be accountable,” he said.

“A lot only want to do the minimum — security can be expensive and too many see it only as a tickbox exercise. This is serious, lives are at stake. Government is going to have to get involved and standards developed and enforced.”

Concerns over car hacking are shared by the public, with a survey conducted by Comparethemarket.com found that two-thirds think car makers must do more to protect vehicles from hackers, and nearly 60 percent of people have little confidence that modern, digitally connected cars are safe from cyberattacks.

The government told the Times that it had set out principles of cybersecurity that addressed governance and product design.