Auto Tech

Cyber 'clampware' could strand cars and force owners to pay to move them

the-sun.png

Driers could be stopped in their tracks and forced to pay to move by hackers using ‘clampware’ attacks, experts have warned.

Cyber criminals would target software defects in radios, ECUs and on-board WiFi to immobilise cars and hold motorists to ransom at the roadside.

Drivers would then have a choice whether to pay up to release their car or be left stranded, waiting for assistance.

The warning comes in the wake of the WannaCry cyberattack which took out the entire NHS system and experts believe it’s only a matter of time before car software is targeted on a wider scale.

Controlled demonstrations have already been displayed in the US while several recent cases showed how cars were stolen from driveways in the UK by hacking into keyless systems.

The advent of driverless cars, vehicles connected to city infrastructure and cloud-based infotainment systems all offer criminals more ways than ever to take over motors.

MORE AUTO NEWS FROM THE SUN

Professor Martyn Thomas, IT professor at Gresham College, London said: “What is going to happen when ransomware becomes ‘clampware’, attacking automobile software through the vehicle’s radios, phones and other networks?

“Who will be responsible for rescuing stranded motorists and how long will it take?  Or will we all just have to pay what the criminals demand to release the car, lorry or ambulance?”

Software engineers often rely on a “test-and-fix” approach to cyber security but that would be even more dangerous in a car than a regular laptop.

Prof Thomas added: “A modern car contains tens of millions of lines of software – which with current software industry standards means many thousands of software defects.

“We need a radically different national cyber security strategy – one that maps out a route towards a world where software products are certifiably secure and where software manufacturers provide enforceable guarantees.”

The car industry is taking a proactive approach to hacking threats with security experts Thatcham Research working with Government and other specialists to draw up a basic framework and safety standard for manufacturers to adhere to.

One solution could be to introduce computer-style anti-virus systems within the car’s coding to lock out cyber criminals before they’re able to take control.

Andrew Miller, chief technology officer at Thatcham Research, said: “As cars become more connected, they also become more vulnerable to cyber attack.

“We are working with key members of the automotive industry to develop a cyber-security standard, much like the Euro NCAP star safety rating system.

“This will give drivers assurance that connected autonomous vehicles have been designed and tested to meet exacting cyber security standards.”