Cybersecurity risks posed by over-the-air tech in autos has analysts concerned
The automotive industry's increasing use of over-the-air technology makes it more susceptible to cyberattacks, analysts say.
A charging port is seen on a Mercedes Benz EQC 400 4Matic electric vehicle at the Canadian International AutoShow in Toronto, Ontario, Canada, February 13, 2019.
Mark Blinch | Reuters
The automotive industry's increasing use of over-the-air technology to update vehicle systems makes it more susceptible to cyberattacks, analysts say, urging more intervention in the sector.
OTA technology is wireless tech that can deliver new software, firmware, fixes and data to internet-connected devices.
Tesla began deploying over-the-air updates to its Model S vehicles in 2012. This helped normalize the tech, according to Jason Van der Schyff, a fellow of cyber, technology and security at the Australian Strategic Policy Institute, who noted it is now embedded across much of the automotive sector.
"The technology is increasingly welcomed as it is a quick and cost-effective way to manage systems on vehicles, over traditional methods which may have required a recall or update at routine maintenance," Siraj Ahmed Shaikh, professor in systems security at Swansea University in the U.K, told CNBC.
The growing penetration of OTA technology in the auto industry has raised concerns, however, particularly regarding transportation infrastructure.
Its use represents "a unique national security concern," Gabriel Lim, senior analyst at the S. Rajaratnam School of International Studies in Singapore, told CNBC.
"Aside from data privacy concerns, the potential of a foreign actor sabotaging the controls of a moving vehicle is a possibility that countries like Norway, Denmark, and Britain have expressed concerns about," Lim added.
In May, the American Enterprise Institute warned that safeguarding the automotive sector was crucial to limit foreign governments' espionage capabilities.
"To protect against foreign espionage threats, the US should consider additional security reviews, implement restrictions on certain foreign-made hardware and software in vehicles, and mandate increased data-collection disclosures," the report said.
'There is access to the control system'
The concerns come as real-life tests reveal vulnerabilities.
Late last year, Norwegian bus company Ruter conducted tests on two buses and found that one had potential risks linked to OTA technology.
"There is access to the control system for battery and power supply via mobile network through a Romanian SIM card. In theory, therefore, this bus can be stopped or rendered inoperable by the manufacturer," the company said.
The investigation by Ruter then sparked the U.K. and Denmark to conduct their own investigations, with the U.K.'s Department for Transport saying it was looking into the issue and working closely with the country's National Cyber Security Centre.
While these investigations were conducted on buses made by Chinese firm Yutong, Professor Shaikh said the issue goes beyond one manufacturer or country, as the technology becomes more pervasive.
"Other sectors adopting OTA include other transport modes [such as] maritime and rail, aerospace (particularly drones), industrial machinery and robotics," he said.
As it becomes more widespread, the RSIS' Lim stressed the importance of taking responsibility for the implementation of the tech. "It is crucial for us to be aware of this technology, and to hold entities and governments accountable for how OTA systems are applied, especially how they run quietly in the background of the technologies we use in our everyday lives."
KickT