Internet of Things

What Happens When Ransomware Hits Connected Cars?

Science fiction writer Arthur C. Clarke’s third law states that “any sufficiently advanced technology is indistinguishable from magic.” Most people apply this to alien civilizations descending from the stars with otherworldly machines, but what if the nonstop race for smarter, faster and more connected technologies is engendering the same kind of dumbstruck, blinded-by-science reaction in consumers now?

That’s what it looks like from Kelley Blue Book‘s perspective. After surveying nearly a thousand consumers on the future of connected cars, KBB analysts found that 42 percent “support vehicles becoming more connected.” Among millennials, 60 percent are in favor of more auto-drive and park-assist features in their cars. While those findings might not be surprising in and of themselves, all things being equal, who wouldn’t want such sophisticated technology? Seventy percent of all respondents were sure that hacking attempts on connected cars would be “a frequent problem” over the next three years at least.

How can so many drivers profess no confidence in connected car security, while clamoring for greater integration of the tech? Especially when senior KBB Analyst Karl Brauer says that the automotive industry’s nascent cybersecurity abilities mean that “vehicle hacking is almost inevitable?” While it might seem like consumers are talking out of both sides of their mouths, it may be more accurate to say that most just don’t have a grasp on what “hacking” might mean in the new age of an IoT-enabled world.

The KBB survey noted that, unlike high-profile new stories on Target credit card breaches or health care network hacks, the average consumer seems to have little time for cybersecurity news in the auto world. Just 26 percent of participants could recall a single instance of connected cars being affected by hacking, even though Wired‘s successful stunt to break into and remotely kill the engine of a connected Jeep vehicle hit the newstands and airwaves not even a year ago. But that doesn’t answer why this particular kind of security flaw isn’t raising consumer ire in the way that the optics of it would suggest.

Unless the optics are the reason in the first place.

First, consider how most high-profile security breaches impacting customers to date have occurred. Hackers gain entry to a retailer’s systems to steal credit card numbers, or they slip past a health care insurer’s firewalls to peek at Social Security IDs and other personal information. Whatever the intended target is, these attacks have mostly been of the snatch-and-grab variety, so if consumers do see any negative consequences, they could come months or even years after the original event.

As more mobile devices, in-home IoT appliances and connected cars join the grid, though, hackers are adjusting their business models, too. Instead of breaking in, taking what they need and getting out, attacks seeking ransom in exchange for the return of data or access to an account have been on the rise. Just last month, Los Angeles Times reported that Hollywood Presbyterian Medical Center was forced to pay $170,000 in bitcoin to an unidentified hacker after access to internal patient records were remotely sealed off from staff for nearly two weeks. On Monday (March 7), Reuters reported that the first instance of “ransomware” targeting Mac computers was identified over the weekend after being downloaded by an estimated 6,000 machines. A quick update from the software dev whose program was used to spread the ransonware fixed the issue but not permanently.

“It’s a small number, but these things always start small and ramp up huge,” John Bambenek, threat systems manager at Fidelis Cybersecurity, told Reuters. “There’s a lot of Mac users out there and a lot of money to be made.”

There are even more drivers out there, and a good portion of them want their vehicles to be as fluent with the growing world of connected devices as their similarly vulnerable laptops and smartphones are. However, it’s important to note that the hackers in both the Hollywood hospital and Mac ransomware incidents weren’t targeting data and information in the traditional sense; they were just preventing access to it.

The methods hackers use grow more sophisticated by the day, but that doesn’t mean they need to code loops around a firewall to wreak havoc. As the growth of ransomware shows, blocking access at key points can be a much more effective — and lucrative — way of doing business than snatch-and-grab attacks.

The question for consumers is: Will they still be so solidly in favor of a future of connected cars when they realize it won’t be their information but themselves in danger when their dashboard ICE isn’t strict enough?


New PYMNTS Report: The CFO’s Guide To Digitizing B2B Payments – August 2020 

The CFO’s Guide To Digitizing B2B Payments, a PYMNTS and Comdata collaboration, examines how companies are updating their AP approaches to protect their cash flows, support their vendors and enable their financial departments to operate remotely.