Driverless car tech runs using millions of lines of code, offering hackers plenty of ways in
Sam Sheehan
12 September 2016

Autonomous cars will provide hackers with hundreds of thousands of security risks to take advantage of because of the masses of code needed to run their systems.

According to David Barzilai, founder and chairman of coding expert Karamba Security, the first truly autonomous vehicles will run using hundreds of millions of lines of code. This will leave hackers with masses of vulnerable software that can be hacked into in order to take control.

Barzilai explained that current top-end luxury vehicles with partial autonomous technology, such as the BMW 7 Series and Volvo XC90, already have about one hundred million lines of code. As this technology advances, so too will the number of opportunities for hackers and criminals to break into digital systems.

“The automotive market is a big risk [to hacking] because of its sheer scale,” said Barzilai. “Recently Chrysler had to recall 1.4 million cars because of a security risk, showing that just one hack can affect more than one million cars. That’s quite astonishing.”

Chrysler’s recall came after two security researchers managed to hack into the system of a Jeep Cherokee (pictured below) that featured the brand’s Uconnect infotainment system. They were able to work their way through the code to eventually take over the dashboard functions, gearbox and even the steering and brakes.

While the Chrysler incident was an isolated one and involved researchers who aim to iron out these risks, it served to emphasise the level of danger mass-produced models can face from hackers.

“As autonomous cars get more sophisticated and as more human functions move to the car, like looking around and steering, the danger increases,” continued Barzilai. “Hackers can hack into a car through its [internet] connected features such as the infotainment, and once in, they can work their way into the rest of the car’s controls.”

Barzilai’s company specialises in real-time time sealing and protecting code running in vehicle control units, according to factory settings, to reduce the chances of this happening. He likens the company’s work to weather proofing a home.

“If you live in a house, sometimes there are storms and the water looks for cracks to get into your house. We seal those cracks and protect the house while keeping the factory settings to keep things simple.

“By automatically hardening the code in the ECU in run time, bugs can’t be exploited. We do it in a way that the car manufacturer doesn’t need to change any software or hardware themselves.”

Karamba has only been around since 2015, but already the firm is engaging with global manufacturers. While no names can be revealed at this stage, Barzilai suggested that Karamba-hardened code could make it into production models in a couple of years.

Autonomous vehicle ECU security looks like it will become an increasingly important industry. However, Barzilai doesn’t believe the car industry will follow suit of the security industry for computers, for example, where aftermarket anti-virus protection is sold.

Instead, he expects the job of protecting car code to remain the responsibility of manufacturers.

“The solution won’t come to the end user like with computers,” he explained. “I believe it will be delivered by the manufacturers. Car managers and security managers are the ones to protect from bugs, not the end user.”

The battle won’t be won as soon as a car is sold, however, because hackers and criminal organisations wanting to take control of vehicles might attack a model’s systems long after it makes it to market.

Barzilai therefore thinks manufactures will make use of over-the-air technology, which can securely apply wireless software updates to vehicles, to keep up protection over a vehicle’s lifetime. If a new security risk is found, the car maker can issue a fix to all models running that software.

“The car industry tends to move slowly in this area, but the threat from hackers, criminals and terrorists is real,” continued Barzilai. “The US National Highway Traffic Safety Administration has said a couple of times that this is now a main concern. So I think there will be some new regulations to make sure car manufacturers block these risks before they are found.”

Read more:

Autonomous car insurance will be similar to normal policies, says report

How would you solve the autonomous car problem?

Our Verdict

Jeep Cherokee

Can Italian tech put this once-rugged off-roader ahead of the pack?

Add your comment

Log in or register to post comments

Find an Autocar car review

Driven this week

  • Porsche Panamera Turbo S E-Hybrid
    First Drive
    25 July 2017
    New top-of-the-line Porsche hybrid, though fast and flexible, is simply too heavy to strike the same sweet sporting compromise as its siblings
  • Caterham Seven 420R Donington Edition
    First Drive
    25 July 2017
    Limited-edition road-legal Caterham track car is a superbly enthralling drive, with enough creature comforts to be used on the road as well. Even more addictive than most of its rangemates
  • McLaren 570S Spider
    First Drive
    25 July 2017
    McLaren has created its most attainable drop-top by removing the roof from the 570S coupé, but none of the car's talent has come away with it
  • 2017 Range Rover Velar
    First Drive
    23 July 2017
    The Range Rover Velar is the most road-biased car Land Rover has made. So does it still feel like a proper part of the family?
  • Seat Ibiza
    Car review
    21 July 2017
    A model upon which Seat has staked its future, the new Ibiza must now deliver