According to some of the top automobile-technology manufacturers, highly autonomous driving could hit our roads by 2020, with these vehicles then on the market only 5 years later. There are some doubts about these estimates, but the truth is that level 4 and 5 (high automation and full automation) self-driving prototypes are already being announced in international shows. The downside in all this is that this new technology and progress is already producing problems and challenges that society needs to tackle before taking the next step.

This situation has been addressed by GMV experts Carlos Sahuquillo, Automotive Cybersecurity Consultant, and Igor Robles, Automotive Cybersecurity Research Engineer, in a paper given at RootedCON in Valencia under the title “Car Hacking: from Angelina Jolie to Charlize Theron”. Their chat focused on cybersecurity, kicking off with an intro on the evolution of intra-vehicle networks and ended up taking about state-of-the-art cybersecurity.

Sahuquillo and Robles’s presentation concentrated on how hackers might exploit some of the vulnerabilities of current connected car networks to take over control of the vehicle. To head off this danger cybersecurity has to advance hand in hand with technological breakthroughs. This is essential in order to avoid such insecurities as the following: getting into a vehicle without the key; causing vehicles to swerve whilst running on the road or even fooling drivers by showing them false information about the state of the vehicle or its surroundings.

The pair of experts also mentioned some of the commonest connected-car attacks that are now cropping up. These include cybercriminals capable of getting into a car in less than 20 seconds by merely breaking the quarter light and fitting a device that then opens the car without a key, geolocating a car to know where it is at all times and even sending commands to the car network to flag a false breakdown on the dashboard, so the owner leaves the car parked and the thieves can move in and steal it.

One of the funniest moments of the chat came when they ran a video showing a car apparently in movement according to the satnav but then the view pans out to show it is actually sitting in a parking lot. This is an example of an attack known as GPS Spoofing, which tricks the satnav, allowing wrongdoers to deviate the car as they like and even cause an accident.

Lastly, Sahuquillo and Robles ran another short video showing how a vehicle’s ECU can be hit by a denial of service attack, prompting the dashboard to flash with alarms and flag up false faults and breakdowns.