The charging port of the Mercedes-Benz EQC 400 4Matic electric vehicle is seen at the Canadian International Auto Show on February 13, 2019 in Toronto, Ontario, Canada.
Mark Brinch | Reuters
Analysts say the auto industry is increasingly using wireless technology to update vehicle systems, making it more susceptible to cyberattacks, and are calling for more intervention in the sector.
OTA technology is a wireless technology that allows new software, firmware, patches, and data to be delivered to Internet-connected devices.
tesla Jason van der Schiff, cyber technology security researcher at the Australian Strategic Policy Institute, said this had helped normalize the technology, which was now embedded in many automotive applications.
Siraj Ahmed Shaikh, professor of systems security at Swansea University in the UK, told CNBC: “This technology is increasingly being welcomed as it allows us to manage vehicle systems quickly and cost-effectively compared to traditional methods that may have required recalls and updates during routine maintenance.”
However, the increasing penetration of OTA technology in the automotive industry has raised concerns, especially regarding transportation infrastructure.
Gabriel Lim, a senior analyst at Singapore’s S. Rajaratnam School of International Studies, told CNBC that its use represents a “unique national security concern.”
“Apart from data privacy concerns, the possibility of foreign attackers interfering with control of moving vehicles has been raised by countries such as Norway, Denmark and the UK,” Lim added.
The American Enterprise Institute warned in May that protecting the auto sector is critical to limiting foreign government espionage.
“To protect against the threat of foreign espionage, the United States should consider additional security reviews, implement restrictions on certain foreign hardware and software installed in vehicles, and require enhanced disclosure of data collection,” the report said.
“You have access to the control system”
Concerns have been raised after actual testing revealed vulnerabilities.
Late last year, Norwegian bus company Router conducted tests on two buses and found one had potential risks related to OTA technology.
“Through the Romanian SIM card, the battery and power control system can be accessed via the mobile network. Therefore, in theory, this bus could be stopped or rendered inoperable by the manufacturer,” the company said.
Ruuter’s investigation subsequently prompted Britain and Denmark to launch their own investigations, with the UK Department for Transport saying it was looking into the matter and working closely with the country’s national cyber security centre.
Although these studies were carried out on buses made by Chinese company Yutong, Professor Shaikh said the problem extends beyond one manufacturer or country as the technology becomes more widespread.
“Other sectors adopting OTA include other modes of transportation such as shipping and rail, aerospace (particularly drones), industrial machinery, and robotics,” he said.
RSIS’s Mr Lim emphasized the importance of taking responsibility for the adoption of this technology as it becomes more widespread. “It is important for us to recognize this technology and hold companies and governments accountable for how OTA systems are applied, and especially how they quietly run in the background of the technology we use in our daily lives.”
