Articles, Connectivity & Telematics, Safety & Security

Will Ransomware Invade the Cars of Tomorrow?

The WannaCry ransomware strike was a strong reminder of the dangers of connectivity – and, more importantly, the risk of lax security. No corporation is too large or too small to become a victim of ransomware when vulnerabilities are exploited. If a business is not properly secured, it could become a target at any moment.
“You don’t hear about it because they pay,” said Brian Balow, a member and partner at the law firm Dawda, Mann, Mulcahy & Sadler PLC. “They don’t want it publicized.” Balow said that if a company is being ransomed, it means two things: (1) its security isn’t very effective and (2) the firm does not have any backups. “Ransomware is a big deal and part of the reason it’s not going away is because people pay,” he added.

What does this mean for the auto industry, which is at the onset of connectivity?

“It’s like the whole idea of the Internet,” Balow explained. “If you want to use it robustly, then [you’re] giving up a certain amount of privacy. It’s kind of the same idea with vehicle technology. We want to install the latest and greatest technology, and we want to be able to update the vehicle wirelessly, right? So if [an automaker] improves something in the brake module or in the infotainment system, [it can] push that down to every one of those vehicles.”
Connectivity may be more convenient, but it could bring a new set of challenges. At the very least, passenger data could be at risk. In the worst-case scenario, the vehicle could be hacked with malicious intent. Automakers might be tempted to implement a five-star rating system to highlight why their cars are safe, but Argus Cyber Security’s Meg Novacek is concerned this could invite future attacks.
“That in and of itself could still be a challenge,” said Novacek, who serves as Argus’ executive director of business development in North America. “The minute you give a rating and say, ‘Here’s the test you have to pass to get the rating,’ it basically says, ‘Oh, these are the things you need to be able to hack.’”

Consumers may also be leery of any hype surrounding vehicle security

“Sometimes telling a customer that you’ve got the safest car on the road opens up a couple cans of worms,” said Novacek. “Why are you talking about it? And what about your product before you started talking about it? Okay, so your 2018 model is safe – what about 2016!?”
Gail Gottehrer, an attorney and partner at Akerman LLP, expects automakers to combat the risk of ransomware and other malicious threats by enlisting in the help of white hat hackers. She expects new bounty programs that invite individuals to test their systems, find vulnerabilities and contribute any and all creative solutions.
“I think it’s going to be more of that, more of an effort to get out in front and tell people, ‘You don’t need to go behind the scenes and deal with ransomware, come to us. In all likelihood we’ll pay you or hire you,’” said Gottehrer. “A lot of these white hat hackers are in demand. It’s really become quite an industry if you’re good at what you do. I think you’re going to see more of that – embracing help from wherever it can come and not being proud about, ‘It has to be someone who works in our company.’”

About the author:

Louis Bedigian is an experienced journalist and contributor to various automotive trade publications. He is a dynamic writer, editor and communications specialist with expertise in the areas of journalism, promotional copy, PR, research and social networking.