With Car Thefts up 35%, Automakers Need a New Cybersecurity Strategy
Car theft rates are through the roof. Nationwide, grand theft auto is up 7%. In some states, such as Illinois, it is up 35%. In 2022, one million vehicles were stolen. Car theft hasn’t been this high since 2008.
Here’s the puzzling thing: other crime rates are plummeting. The latest quarterly data from the FBI shows all categories of violent crime down. That includes in cities, in suburbs, and out in the country. So why all the car thefts? I believe it is because cars are getting too easy for thieves to steal, and automakers need a new approach.
New cars and trucks can easily have 100 separate computer control units and 3,000 computer chips. But automotive security is lagging behind the security of other computerized devices because automakers’ security philosophies are lagging behind.
Automakers certainly have a budget for cybersecurity, and hire engineers to do exactly that. But they often cling to an outdated philosophy: security through obscurity. STO hinges on the bad guys knowing as little about your hardware and software as possible. Automakers even used this philosophy to justify locking OBD II data away so only dealership service techs can read the latest cars’ check engine lights. But it’s quickly becoming obvious STO doesn’t work.
You’d think you want hackers to know as little about computerized products as possible. But the truth is more nuanced. We’re quickly finding that someone somewhere will find a vulnerability eventually. If the company is as opaque as possible, the finders can sell knowledge of this vulnerability on the black market. Then professional hackers can use it for a big attack, stealing user data or worse.
In the automotive world, we’re seeing would-be thieves learn how to hack specific makes and models on social media. Various makes and models (Kias, Hyundais, Dodges, Rams, and now Camaros) all have a moment in the spotlight as it becomes “trendy” to steal them. But what is truly happening is a thief discovers a back door, shares it, then a bunch of other copycats steal the same vehicle.
To combat this problem on computers, most software companies now use an open source philosophy. They publish all the information they have. This means that anyone can look through their software for ways to break in. It’s very likely that multiple folks will notice vulnerabilities immediately and notify the developer. Then the developer will fix it.
A key aspect of this philosophy is that your end user updates the software they use regularly. That is another aspect of cybersecurity that the auto industry is missing. Vehicle owners need to be seeking out the latest generation of software. It must become as common a practice as changing your oil. This is a level of inconvenience automakers may hesitate adding. But the truth is, if you want a car with computers you’ll have to take care of it a bit like you would a computer. Keeping your car safe may depend on it.
Next, read my exclusive interview with an automotive cybersecurity expert, or learn about rising auto theft rates in the video below: