A car on the street has a yellow visible cage of protection around, called "Appetitblocker für Hacker"; Picture with gradient

Blocker for hackers

It is still mostly the “good” hackers who use networked cars as targets for cyber attacks. One example is a crossindustry partnership between T-Systems and Argus Cyber Security.

Download article as PDF

Whether at Volkswagen or Toyota, Volvo or Peugeot, vehicles that roll off the manufacturers’ production lines today have around 100 million lines of programming code, seven times as much as a Boeing 787. So the car is a moving computer – and just like a computer, it can be hacked. Autonomous cars will offer a lot of potential for attacks. They could become prey for hackers, because the networked car is a real data oasis for them. On average, we spend more than four years of our lives in a car. During this time, cars are increasingly being used as an exchange platform for data – consciously or unconsciously. Even the current models are constantly exchanging information with the outside world. If attackers succeed in manipulating this data traffic or changing software, it becomes dangerous.

Steering with the accelerator pedal

Portrait of Yoni Heilbronn, Vice President Marketing at Argus in an Interview

“The art now is to not only protect software in the car against attacks, rather, the attacks must be detected in real time.“

Yoni Heilbronn, Vice President Marketing at Argus, on weaknesses in the car and the fight against car hackers.

Stefan Nürnberger, computer scientist and IT security expert at the Helmholtz Center for Information Security (CISPA) in Saarbrücken, has already hacked many cars. Searching for gaps in their IT infrastructure, the white-hat hacker often succeeds in attacking via faulty radio connections. If, for example, Bluetooth is not programmed correctly, malware can be smuggled in via a smartphone and the software in the car can be manipulated. In the simulator it can also become dangerous if the driver steers the car with the accelerator pedal after an intervention in the electronics.

Interview of Yoni Heilbronn,Vice President Marketing for Argus, about car weaknesses and the fight against car hackers.

Horror messages from hacked cars are still rare and “good” hackers usually reveal the weak points on behalf of car manufacturers or out of pure curiosity. The hacker, who calls himself L&M, demonstrated to the US tech magazine Motherboard at the end of April this year that he had broken into about 27,000 user accounts of two GPS tracker apps. This would not only have allowed him to determine the current position of the vehicles, regarding some of the cars, it would even have been possible to switch off the engine remotely while driving up to a speed of 12 mph.

Govware for cars 

Also for police and secret services the car seems to be a rich source for search and reconnaissance. The Central Office for Information Technology in the Security Sector (ZITiS), for example, wants to gain access to the car and use govware for this purpose. In March 2019, at the request of a member of the German Bundestag, the Ministry of the Interior replied: “The development of forensic investigation capabilities for connected cars and the provision of corresponding capacities are included in the fulfilment of ZITiS’ tasks.”

In any case, car manufacturers and suppliers are upgrading their IT security systems. Continental, for example, one of the world’s largest automotive suppliers is now pre-integrating security solutions from Israeli security pioneer Argus Cyber Security into the networked electronic components in automobiles. Argus has been part of the Continental subsidiary, Elektrobit (EB), since 2017. Its embedded software solutions are already installed in more than a billion vehicles worldwide.

Together, EB and Argus offer multi-layered, end-to-end cyber security solutions and services to protect networked vehicles from cyber attacks with solutions to protect individual electronic control units (ECUs) or the vehicle network. In addition, they enable mobile software updates with an over-the-air solution. T-Systems and Argus are pooling their security know-how in an industry-wide partnership. They are setting up an Automotive Security Operation Center to complement Argus’ in-car security solutions and protect networked cars from cyber attacks in real time.

Contact: Michael.Jochum@t-systems.com

More Information:  www.t-systems.com/strategy

Author: Roger Homrich
Photos: Continental, Argus Cyber Security

Do you visit t-systems.com outside of Germany? Visit the local website for more information and offers for your country.