A Cloud-Connected Car Is a Hackable Car, Worries Microsoft

Illustration: Randi Klett

Way back in the 1980s I watched my computer-geek friend manipulate the hot-rolling process of his client's steel mill in Cleveland in real time—from his home. I wondered whether millions of dollars and dozens of lives might be destroyed should this great power somehow fall into the wrong hands.

"Yes," he explained.

That's the difference between hacking a physical rather than a virtual entity.

Nowadays steel plants and other super-sensitive industrial machinery are (or should be) walled off from the Internet. That's why the worm Stuxnet, the only known cybersaboteur to derail physical processes, apparently had to wend its way to Iran's nuclear enrichment plant via memory sticks. Once inside it would seem to have spread on local networks. 

But tomorrow's autonomous cars will be far more vulnerable because they will be networked, says Michal Braverman-Blumenstyk, the general manager of cybersecurity at Azure, Microsoft’s cloud service. She was speaking today at a Tel Aviv conference, as reported in the Wall Street Journal.

“Some of the functionality of connected cars can be accessed remotely—velocity adjustment for example,” she said. “If police are chasing a criminal, you’d want the police to be able to slow the suspect’s car down. However, if a malicious entity gets hold of the car, the damage is limitless.” 

It's a sobering thought to entertain just as the cyberworld is scrambling to fix the OpenSSL vulnerability, aka "Heartbleed," which appears to have stripped connected devices naked the world over. 

Tomorrow's autonomous cars will need to access networks to augment their onboard sensors. But even today's semi- or non-autonomous cars are getting connected. Already governments are speaking of mandating a capability for "car2car" talk, as it's called, which would let cars learn through the grapevine about what may lie on the other side of a coming bend in the road. A similar "car2I" capability would let vehicles query infrastructure to learn about traffic routing and local rules of the road. 

Car companies, including GM, Chrysler and Audi, are already beginning to use wireless connections to update software. After battery fires in Tesla's Model S electric car, the company sent an "over-the-air software update" to the cars' active suspension systems that directed them to maintain a greater clearance with the ground. That way, debris kicked up would be less likely to damage the battery pack.

This could be big, according to Bill Fleming, senior editor of IEEE Vehicular Technology Magazine.  "Nearly 60 to 70 percent of vehicle recalls in major automotive markets in North America and Europe are due to software glitches," he writes in the March issue. The problem will only grow along with the software line-count.  

Advertisement

Tech Talk

IEEE Spectrum’s general technology blog, featuring news, analysis, and opinions about engineering, consumer electronics, and technology and society, from the editorial staff and freelance contributors.

Newsletter Sign Up

Sign up for the Tech Alert newsletter and receive ground-breaking technology and science news from IEEE Spectrum every Thursday.

Advertisement