Recently, several members of Congress led by Senator Ed Markey, D-Mass., have directed the public’s attention at the connected vehicle and the absence of security to protect vehicles from hacking. These allegations were clearly on the mind of attendees at a “Vehicle Cyber Security Summit” that I recently attended in Detroit. While it seemed like consultants outnumbered the vehicle manufacturers at the event, there was a substantial number of car companies and suppliers in attendance.
The overriding message at the summit was that the Control Area Network (CAN) used on vehicles today to permit internal vehicle computers to talk to each other was not designed with the connected vehicle in mind. Therefore, the interconnected vehicle systems under the CAN are extremely vulnerable to cyber-attack. Further, the growing political pressure on vehicle manufacturers is expediting action although many companies are still in the process of determining what strategies to employ in order to protect their vehicles.
Many “cyber security experts” focused on the OBD II port as a primary vulnerability for the vehicle's operating systems. Speakers pointed to the use of "aftermarket dongles" as a major concern where someone could use the dongle to send a message into the vehicle's computers that would cause the car to operate improperly. The dongles are the devices offered by insurance companies and many auto care companies that plug into the OBD II ports and are able to transmit diagnostic and driver information using cell phone technology.
The auto care industry will have to closely watch what measures that the car companies implement to protect their systems at the OBD II port. A decision to encrypt data traveling over the CAN could create major headaches for the companies that build tools for the independent auto care industry. Further, those companies that have plans to use dongles to provide telematics solutions for consumers could be left out in the cold if the car companies implement solutions that prevent these devices from working.
Clearly protecting the security of a vehicle is of prime importance to everyone in the automotive and auto care industries. However, the solutions developed to address this critical concern also need to take into account the need for consumers to obtain repairs of these vehicles, whether they perform the work themselves or use an independent service facility.