The Auto Channel
The Largest Independent Automotive Research Resource
The Largest Independent Automotive Research Resource
Official Website of the New Car Buyer

APA Cyber Security Briefing at the DAC, Detroit, MI Reported By Martha Hindes


SEE ALSO: Cyber Security News Archive

Martha Hindes
Senior Editor
The Auto Channel
Michigan Bureau


Detroit MI February 3, 2016; Expect to buy a new car in the near future ? Be prepared to enter the "wild, wild west."

That's the assessment of a Detroit FBI agent who specializes in cyber security and the impact of hacking and other electronic threats on the future of what we drive.

Tom Winterhalter, Supervisory Special Agent, FBI Detroit Division, Cyber Squad was one of four cyber security specialists who spoke Wednesday in Detroit before the Automotive Press Association. The discussion was about the future of connected automobiles and how the familiar hacking, data or credit card theft we know on the internet or our smart phones when shopping is migrating to every vehicle that comes off the production line as cars and trucks become more connected and autonomous.

New cars now are evolving from a question of style, color, trim levels, amenities and class into a vulnerable means of losing our finances, personal data or even our lives if a hacker or cyber spy decided to invade the millions of lines of code that are going into today's vehicles and are propagating at warp speed.

A recent demo test of a vehicle taken over remotely from the driver by a hacker and the engine turned off is a mere hint of what could happen if a lone hacker, crime syndicate or even a hostile nation state decided to invade the electronics of a single vehicle, potentially sending it over a cliff or downloading corporate secrets from a CEO's I Phone connected through a vehicle's Bluetooth.

The big concerns become how to protect ourselves from these inevitable invasions, without losing our precious data or finances or giving up our sense of privacy and security in the process.

To date, cyber security specialist Anuja Sonalker does not know of a real world incident where someone's vehicle was attacked and taken over remotely by someone hacking into the vehicle. She is Vice President of Engineering, North America, TowerSEC, a start up automotive cyber security firm based in Ann Arbor, Michigan. That is one of a number of firms that are growing up rapidly to try to derail the overwhelming impact or potential devastation the threat could have on the industry and on individual drivers.

As vehicles become more interconnected -- where cars talk to each other or to roadway infrastructure or traffic control systems that are evolving -- it's only a matter of time. And it isn't a matter of including less electronics on a vehicle. That's unavoidable as federal mandates for safety and better fuel economy expand the need for more technology. According to Sonalker, already a vehicle has four times as much computer code as a new jet aircraft.

PHOTO (select to view enlarged photo)

Much of the issue is figuring out how to connect different auto makers so a threat to one can be shared and neutralized before it can get out of control, without compromising proprietary secrets or designs that are the lifeblood of each auto company. A hacking attack, for example, could jump from someone's smartphone taken into an auto and then, when connected, transfer to the vehicle's computer systems and then expand through a vehicle to vehicle communication to other cars or to the traffic monitoring centers. That could be rather like a biological virus moving from patient to patient through a sneeze or series of handshakes. Much of the current threat, said Sonalker, is seen as "monitizing," with the potential of gaining finances, or information that could lead to gaining wealth or control from corporate espionage

Some of that is being addressed through the creation of ISAC, (Information Sharing and Analysis Center a consortium of about three dozen of the top electronics and technology firms, including IBM, HP, Oracle, Intel and Cisco, whose mission is to be a forum for managing security risks, to strengthen automotive IT infrastructure, enhance incident response and share relevant information) which will become a major resource for OEM's to participate in sharing and disabling threatening situations, identify potential sources of attack and stop any threat to consumers before it can affect them. Sonalker said already many potential attacks have been intercepted and preventative measures made on those vehicles before they were on the road.

As understanding of the potential threats grows, so are the areas affected from technology, to identifying and neutralizing threats before they can spread, to legal and even to social media. Attorney James Giszczak of Bloomfield Hills, Michigan said this is a wide open area where a potential threat of perhaps vehicle tampering wouldn't even include someone actually touching the vehicle. His firm, McDonald Hopkins deals with industry cyber threat issues. He said that judges who are to hear cases often don't understand cyber crime on vehicles. Also, it isn't yet clear is someone could sue for potential damage if a vehicle's security and safety had been compromised by a hacker before an accident actually happened.

According to Sonalker, people need to compartmentalize what they use, and do such things as keep smart phones turned off, or cutting back on social media exchanges when driving to make their vehicles less vulnerable. "But even if the phone is off, their vehicle still is connected on the road," she said. So far, she thinks the industry is ahead of the game because of efforts to address the problem early on.

But everyone's help is needed, said the FBI's Winterhalter. People have to be the watchdogs -- from mom and pop businesses to major corporations to individuals when driving their own vehicles -- as cyber threats increase. If they notice something that doesn't seem right, they should immediately contact authorities as they all have their cyber investigators. That could be the local police, the local sheriff's department, or even the FBI. Depending on the incident or apparent threat it will be moved up or down the system so the proper agency can handle it, he said.


The Automotive Press Association was formed in 1990 to provide a forum for automotive journalists, public relations representatives and other interested media people for the exchange of information relating to their respective professions. More about APA.