Modern cars are packed from front to back with 'clever' chips; the software that is stored in them provides a large part of the functionality that the driving of a car requires (engine management, navigation, entertainment - just to give a few examples). And the end of this development is not in sight. For example, in 2018 all newly manufactured cars in Europe have to be 'connected' through the introduction of the E-call system (emergency call).

It is certainly no exaggeration to state that modern cars are a moving collection of computers that continually talk to each other and their environment. However, this computer system was not designed to keep hackers out; initiatives on the part of the car industry to improve cyber security are urgently needed, such as drs. H. Leenstra argues in research within the framework of the Stichting Cyber Security Academy The Hague.

All ICT systems in a car come together through the CAN bus – effectively the backbone of the car. And exactly this CAN bus is reasonably easy to access via the internet by hackers, who can influence the safe operation of the car directly. For example, in 2015 hackers succeeded to break into a Jeep Cherokee while it was moving and manipulate its brakes.

There are therefore, as Leenstra expresses, fundamental flaws in the ICT architecture of the current generation of vehicles. For example, it appears to be possible that the entertainment system can provide access to the engine system – while no good reason for this can be conceived. One of the recommendations from Leenstra is to redesign the current CAN bus system and introduce a strong separation between vital and non-vital systems. But even consumers have an important role to play: they can ask critical questions at the dealership about the state of cyber security of the car and how the manufacturer thinks they can prove that.

The research by Leenstra can be downloaded here.