What if 1 Lakh Connected Vehicles get hacked in a city simultaneously? We don’t even have a law on it as yet!

By Anuj Guglani CEO , World Auto Forum

 

Yes! this can be a sad reality, if we don’t know do something about it Now!

 
World Auto Forum getting all the Stakeholders viz Govts, Industry Chambers & Associations, IT Cos, Auto Cos, Telcos Together to Act on it
 

The Time to “Act” is “Now”!

20 Years back, one would read the news of just computers getting hacked. If back in 1990 someone had said, your car, or your fridge can be hacked. People would have laughed their guts out!  Well now computers run everything! And they are connected, so in short, anything can get hacked!

Whether its Power Grids, Transportation, Buildings, Public Infrastructures…list goes on..

IOT – Internet of Things or IOE – Internet of Everything are Great concepts. They are getting Big Push from the Govts, Enthusiastic IT Cos & Telcos! Well, all this is Nice!

But the problem lies in the fact that the “Design Genesis” of most Non IT Assets lies not in the present decade but in the last three or four decades. So by design our cars, fridges were not supposed to be IoT and IoE Enabled.

So, When you do make them IoT enabled now, the basic design doesn’t guarantee Security unless the accessing networks are super secure!

Taking the case of an Automobile. The ECU or the Electronic Control Unit which controls the Engine and other important Vehicle Operations, was never supposed to be connected or exposed to the outer world.

It was not designed or invented to be 24X7 connected to a cloud. So when you connect it to a cloud and the access is insecure, hackers can enter it and create havoc by remotely controlling & ravaging all important functions.

“A Hacked Vehicle is the Most Unsafe Place to be in”

We know about the infamous 2015 Jeep Cherokee Hacking Incident in the US. The Hackers got access through a port in the entertainment System, left open inadvertently during its service & check up.
The user was going down the highway at 70 mph in this vehicle and all of a sudden, he lost steering control. The wipers started moving with wiper wash fluid blurring the windshield. The AC Vents started throwing air at highest fan speed and lowest temperature. The Entertainment system switched to a local Hip Hop Radio Station  on its own and started playing at Peak Volume.
The hackers in track suits appeared on the Display screen of the system and started screaming, “You are Doomed!”. Brakes applied, Transmission Disconnected and eventually the vehicle was immobilised.

Now just imagine if hackers plan and target 1 Lakh vehicles in a City simultaneously. It can have a domino effect and perhaps affect a million vehicles and occupants. It can be catastrophic!

 

We already have 1.5 Million Drivers on Ola & Uber Platforms.

As of now, only the Cars owned by the aggregators’s fleet leasing arms have their ECU’s connected to a cloud.

Next few years, most cabs shall be connected vehicles. The biggest push shall come from the Govt for this.

But we don’t have Security or Legal Stds for Connected Vehicles in place as yet! 

Hackers can target vehicles around schools, colleges, Important Govt Installations. Attacks can be on Days of National & Religious importance.

In 2010 at Austin Texas, a hacker took access of 100 cars, shutting them down and sounding their horns!

In 2005 there was the emergence of an Attack called  Car Whisperer. Most Car Entertainment systems have unconnected bluetooth which are 24X7 “On”. The OEMS set 4 digit keys mostly as “1234” or “oooo”. This malaware could be used to inject audio or record “In Car” conversations! By applying a middleware/ equipment they could also extend the restricted bluetooth range of a few metres to more than a km!

Are the Authorities, Auto Cos, Service Providers, IT Cos & Consumers ready to handle such situations ? Especially when they are remotely staged and managed!

Present Situation

As shared, there are no standards for Security or Legal Liability for Connected Vehicles. At US, the SAE Standards came after the 2015 Jeep Cherokee Incident. Do we also wait for a similar incident? Absolutely Not!

We need to be ready with our standards. Lets do a good job at it. Lets make a set of standards, the world takes for reference as a Platinum standard amongst Standards!

This also came up during a Panel Discussion at 3rd WAFit! World Auto Forum on IT, held on April 27, 2019 , in Association with NASSCOM, FICCI & AT Kearney

 

Panelists : Gautam Kapoor | Partner | Deloitte , Vijay Sethi | CIO, CHRO & Head – CSR | Hero MotoCorp , Parna Ghosh | Group CIO | Uno Minda Group , Subhankar Pal | AVP – Research and Innovation | Altran , Kshitij Saxena | CEO | Autoninja , Anuj Guglani | CEO | World Auto Forum | Moderator

 

What We Urgently Need..

1.We need bank grade safety standard, if not Higher for Connected Vehicles

2. We need specific laws &  Compliances for suppliers, OEMs, telcos, Dealers

3. We need a Consumer Charter/Protection Law on this  – Rights & Duties

4. We need CCI -Competition Commission of India also involved to prevent any institution or Co from abusing dominant position.

5. World Auto Forum getting all the Stakeholders viz Govts, Industry Chambers & Associations, IT Cos, Auto Cos, Telcos Together to Act on it.

 If you wish to join in , just drop a message at anuj@waf.bz