MUNICH (Bloomberg) -- When friendly hackers landed a Fiat Chrysler Automobiles Jeep in a ditch last week, it sent a warning to BMW Group, Audi and Mercedes-Benz as the German premium automakers compete increasingly on technology rather than just horsepower.
Mercedes's E class will soon join the S class in being able to help steer itself, while Audi sent an unmanned RS7 down a track at race-car speeds and BMW's new 7 series responds to hand gestures and parks itself. All three already offer self-braking systems and highly automated cruise control that are slowly shifting driving responsibility away from the human and toward the machine.
Now the automakers must reassure consumers willing to spend upwards of 45,000 euros that it's safe to drive what has increasingly become a computer on wheels. All three companies say they have tools in place to thwart cyber-attacks, including encrypted connections and firewalls to shield safety and entertainment systems.
Still, today's cars are so complex that more hacks may be inevitable, said Rainer Scholz, a Hamburg-based executive director for telematics and mobility at consulting company EY.
"The difficulty for the carmakers at the moment is the question whether they can keep pace with advances in technology, and especially hacking technology," Scholz said. "We seriously doubt they can."
Carmakers currently tend to focus on systems security after the final product has been built, to then patch holes, Scholz said. And hackers no longer need access to an entire car -- which in the past might have required buying one -- in order to seek out vulnerabilities, he said. Just having access to one component, such as an entertainment console, might suffice.
Potential targets
The number of potential targets is growing. By 2020, about 90 percent of new vehicles in western Europe will be connected to the Internet, compared with about one-third next year, according to Hitachi. Cars are more vulnerable when networks connect all their features together, according to an automotive team from NXP Semiconductors, a Netherlands-based supplier for the auto industry as well as computer industries.
That's what happened in the Jeep hack, when a pair of researchers took control through the vehicle's entertainment system. The team that hijacked the Jeep shared their results with Fiat Chrysler, which recalled 1.4 million vehicles to fix the security flaw the hackers had exploited. The company said it's not aware of any real-world unauthorized remote hack into any of its vehicles.
Cars are increasingly evolving into full-service mobile devices that can find restaurants, make emergency calls and even park themselves. For drivers, these perks have meant letting go of more authority, and more personal data.
Mercedes, BMW and Audi said they separate different vehicle domains -- walling off the radio from the brakes, so to speak -- with firewalls and additional features such as public-key-cryptography and virus scanners. "Absolute, 100 percent safety isn't possible," said Benjamin Oberkersch, a spokesman for Mercedes's parent Daimler. "But we develop our systems, tested by internal and external experts, so they're up to date."
While hacks of German cars have fallen short of the stunt to which the Jeep was exposed, BMW had to fix a security flaw in one of its digital-services systems this year. A study by German auto club ADAC found hackers could wirelessly open BMW, Mini and Rolls-Royce vehicles in minutes. About 2.2 million vehicles equipped with BMW's ConnectedDrive service were vulnerable. The company closed the security gap with an automatic system upgrade that took place when vehicles connects to BMW's server. Manufacturers will need to take systems security for connected vehicles into account from the very beginning, said Cypselus von Frankenberg, a spokesman for BMW.
"Carmakers and their suppliers will be spending a lot more effort on defining security architectures in the future," said Lars Reger, chief technology officer at NXP's auto unit.
