Here’s the scenario: You’re cruising in your electric car and you hear your doors lock all around you. A message pops up on your central console demanding you wire $10,000 in Bitcoin to a Russian hacker or else he’ll cut off your brakes and send you zooming, out of control down the highway.
That’s the nightmare scenario that a group of researchers, led by NYU Tandon professor Justin Cappos, wants to avoid. Cappos, along with collaborators from the University of Michigan Transportation Research Institute and the Southwest Research Institute, created a software security update framework for automobiles called Uptane, unveiled last week to reporters at an event at NYU Tandon.
NYU Tandon professor Justin Cappos. (Photo by Tyler Woods)
As our cars become more and more like computers with wheels, they will fall vulnerable to the same cybersecurity threats experienced by everything online now. Cappos said today’s cars have between 50 and 100 mini computers in them already.
“A car is still a mechanical thing but you can think of it as a bunch of computers that control mechanical aspects,” he said at a recent press conference at the engineering school. “They talk together and the networks inside of the car don’t have the necessary security to protect from a malicious hack. What security experts have shown is that they can go and exploit a problem in one part of the car to get into other parts that can disable the brakes, lock you in your car or turn on the A/C.”
Uptane, which has gotten funding from the U.S. Department of Homeland Security, is not a piece of antivirus software, but rather a way of thinking about software security in vehicles that Cappos hopes will become the industry standard. It suggests a separation of duties for different parts of the car’s software system doing different tasks, and a threshold of signatures, where for important software functions more than one actor will have to sign off on making changes.
“There’s Bluetooth, WiFi, cellular [communication],” said Sam Lauzon, of the University of Michigan. “Soon we’ll have vehicle to vehicle, so at any time there could be three or four devices communicating with your vehicle. Ten years ago this was all inside a car, they didn’t have WiFi or Bluetooth. Now all these systems are interconnected and hackers are finding ways of making them interact with each other in ways that weren’t intended.”
The researchers noted that we are still in the infancy of cybersecurity for cars. But in the years that come, particularly as cars become autonomous to varying degrees, this issue will come to the fore. These researchers are trying to get out in front of that problem.
Before you go...
Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.
3 ways to support our work:- Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
- Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
- Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!