By Jorge Casuso, THE SANTA MONICA LOOKOUT
July 31, 2019
Imagine an attack as deadly as 9/11 only instead of aircraft slamming into buildings, 3,000 victims die on the road by losing control of their cars.
That nightmare scenario is laid out in a 48-page report titled "Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off" released Wednesday by Consumer Watchdog.
According to the report, some 17 million new internet-connected automobiles with mechanisms that control movement are deployed on America's roads each year.
By 2022, no less than two-thirds of the cars will be connected to wide-area communications networks that make them vulnerable to hackers who can commandeer the computer-controlled accelerating, steering and braking systems remotely.
"Millions of cars on the Internet running the same software means a single exploit can affect millions of vehicles simultaneously," the report warns.
"A hacker with only modest resources could launch a massive attack against our automotive infrastructure, potentially causing thousands of fatalities and disrupting our most critical form of transportation."
The alarm was raised by a group of car industry technologists and engineers who worked with consumer watchdog for the past five months to produce the report.
"Whereas the military and aviation industries carefully avoid connecting dangerous machines to the Internet, the auto industry has yet to learn this lesson.
"Technologists report the companies are deceiving the public about the risks and their inability to eliminate them after nearly a decade of trying."
The vulnerabilities, the consumer group notes, have been exploited in recent years in more than half a dozen high-profile hacks.
"All have been benign demonstrations, not intended to cause harm" and have focused on a single vehicle, the report said.
However, connecting the cars to wide-area communications networks "creates numerous avenues for a fleet-wide attack."
"Viruses can spread vehicle-to-vehicle. Malicious WIFI hotspots can infect any susceptible vehicle that passes within range," the report said.
"Cars can be infected with 'sleeper' malware that wakes at a given date and time, or in response to an external signal, resulting in a massive coordinated attack."
In the rush to get the new cars on the road, top-selling auto makers are covering up safety problems and engaging in "sloppy testing practices."
The report recommends requiring carmakers to install 50-cent “kill switches” in every vehicle that allow motorists to "physically disconnect their cars from the Internet and other widearea networks.
"Otherwise, if a 9/11-like cyber-attack on our cars were to occur, recovery would be difficult because there is currently no way to disconnect our cars quickly and safely," the report concludes.
To read the full report, click here.