At one point in time, “lock your car” was the only security advice most drivers needed. But as the automotive industry becomes more connected to the internet, recent hacks show that vehicle computer security has been neglected by manufacturers.
That’s why Intel, the microprocessor manufacturer, is creating the Automotive Security Review Board, to create standards and best security practices across the industry from “design to driveway.”
The board won’t have any official power, but will consist of “top security talent,” who Intel says will run security tests and audits to codify best practices. Basically: conform, or be hacked. Right now Intel is the only company involved, but it is incentivizing its researchers with a new car, awarded to the member who makes the most impact on cybersecurity.
One lucky researcher will win a new car!
Intel’s technology is already in BMWs, the Infiniti Q50, and the 2015 Hyundai Genesis, but the chipmaker has heavily invested in creating technology for more advanced, and even self-driving, cars. In fact, Intel unequivocally sees driverless cars as the future, burying a call to eliminate automotive fatalities by 2050 in a new white paper.
The white paper outlines 15 of the “most hackable” components on a next generation car, including the breaking and steering engine control unit (ECU), the remote key, and on-board diagnostics unit. Most of these components have already been exploited in recent hacks: the wireless key was hacked with a $32 device in June, and the infamous Jeep hack gained access wirelessly through the car’s on-board entertainment system.
The ASRB says that, while security is an issue, privacy can be just as important. Cars have the ability to collect mountains of data about their drivers, like current location, microphone recordings, call logs, and navigation history. To do this, Intel says that future security should rely on firewalls, continuous threat analysis, and over-the-air updates.
The white paper calls out organized crime and nation-states as specific threats as well, saying that if cars remain “softer targets” than government or private facilities, they stand at an increased risk of being hacked.