What if 1 Lakh Connected Cars get Hacked Together?

By Anuj Guglani CEO , World Auto Forum

Yes! this can be a sad reality, if we don’t know do something about it Now!

World Auto Forum getting all the Stakeholders viz Govts, Industry Chambers & Associations, IT Cos, Auto Cos, Telcos Together to Act on it

The Time to “Act” is “Now”!

20 Years back, one would read the news of just computers getting hacked. If back in 1990 someone had said, your car, or your fridge can be hacked. People would have laughed their guts out! Well now computers run everything! And they are connected, so in short, anything can get hacked!

Whether its Power Grids, Transportation, Buildings, Public Infrastructures…list goes on..

IOT – Internet of Things or IOE – Internet of Everything are Great concepts. They are getting Big Push from the Govts, Enthusiastic IT Cos & Telcos! Well, all this is Nice!

But the problem lies in the fact that the “Design Genesis” of most Non IT Assets lies not in the present decade but in the last three or four decades. So by design our cars, fridges were not supposed to be IoT and IoE Enabled.

So, When you do make them IoT enabled now, the basic design doesn’t guarantee Security unless the accessing networks are super secure!

Taking the case of an Automobile. The ECU or the Electronic Control Unit which controls the Engine and other important Vehicle Operations, was never supposed to be connected or exposed to the outer world.

It was not designed or invented to be 24X7 connected to a cloud. So when you connect it to a cloud and the access is insecure, hackers can enter it and create havoc by remotely controlling & ravaging all important functions.

“A Hacked Vehicle is the Most Unsafe Place to be in”

We know about the infamous 2015 Jeep Cherokee Hacking Incident in the US. The Hackers got access through a port in the entertainment System, left open inadvertently during its service & check up.

The user was going down the highway at 70 mph in this vehicle and all of a sudden, he lost steering control. The wipers started moving with wiper wash fluid blurring the windshield. The AC Vents started throwing air at highest fan speed and lowest temperature. The Entertainment system switched to a local Hip Hop Radio Station on its own and started playing at Peak Volume.

The hackers in track suits appeared on the Display screen of the system and started screaming, “You are Doomed!”. Brakes applied, Transmission Disconnected and eventually the vehicle was immobilised.

Now just imagine if hackers plan and target 1 Lakh vehicles in a City simultaneously. It can have a domino effect and perhaps affect a million vehicles and occupants. It can be catastrophic!

We already have 1.5 Million Drivers on Ola & Uber Platforms.

As of now, only the Cars owned by the aggregators’s fleet leasing arms have their ECU’s connected to a cloud.

Next few years, most cabs shall be connected vehicles. The biggest push shall come from the Govt for this.

But we don’t have Security or Legal Stds for Connected Vehicles in place as yet!

Hackers can target vehicles around schools, colleges, Important Govt Installations. Attacks can be on Days of National & Religious importance.

In 2010 at Austin Texas, a hacker took access of 100 cars, shutting them down and sounding their horns!

In 2005 there was the emergence of an Attack called Car Whisperer. Most Car Entertainment systems have unconnected bluetooth which are 24X7 “On”. The OEMS set 4 digit keys mostly as “1234” or “oooo”. This malaware could be used to inject audio or record “In Car” conversations! By applying a middleware/ equipment they could also extend the restricted bluetooth range of a few metres to more than a km!

Are the Authorities, Auto Cos, Service Providers, IT Cos & Consumers ready to handle such situations ? Especially when they are remotely staged and managed!

Present Situation

As shared, there are no standards for Security or Legal Liability for Connected Vehicles. At US, the SAE Standards came after the 2015 Jeep Cherokee Incident. Do we also wait for a similar incident? Absolutely Not!

We need to be ready with our standards. Lets do a good job at it. Lets make a set of standards, the world takes for reference as a Platinum standard amongst Standards!

This also came up during a Panel Discussion at 3rd WAFit! World Auto Forum on IT, held on April 27, 2019 , in Association with NASSCOM, FICCI & AT Kearney

What We Urgently Need..

1.We need bank grade safety standard, if not Higher for Connected Vehicles

2. We need specific laws & Compliances for suppliers, OEMs, telcos, Dealers

3. We need a Consumer Charter/Protection Law on this – Rights & Duties

4. We need CCI -Competition Commission of India also involved to prevent any institution or Co from abusing dominant position.

5. World Auto Forum getting all the Stakeholders viz Govts, Industry Chambers & Associations, IT Cos, Auto Cos, Telcos Together to Act on it.

If you wish to join in , just drop a message at anuj@waf.bz

About the Author

Anuj Guglani CEO World Auto Forum

An Engineering Graduate from Nagpur University and an MBA from IIT Delhi, he also has an LLB degree from Faculty of Law, University of Delhi.

Anuj Guglani is the Founder & CEO at World Auto Forum since 2009. He has also been CEO of ACE at Work – a consulting firm for training, strategy and SOPs for auto makers and auto dealers across the world.

From 2001 to 2007, he worked with Honda Cars and General Motors across Channel & Institutional Sales, Product and Retail Sales training.

He is also the founder of MotorUncle.com, which is a a Web app for the confused Car Buyer and Hassled Car Service Customer.

He is also the Co-founder and partner at a Green Energy Consortium called Jan Oorja, that produces Bio-CNG from Waste for a cleaner greener and healthier earth.

Mr. Anuj Guglani is also the head of an NGO called Citizens for Better India that works towards improving the lives for women, children and senior citizens.

What if 1 Lakh Connected Vehicles get hacked in a city simultaneously? We don’t even have a law on it as yet!