TRAVERSE CITY, Michigan -- If automakers don't take control of vehicle software, self-driving cars could be riddled with bugs that leave them vulnerable to hackers, said Ami Dotan, CEO of Karamba Security, an Israeli company specializing in connected-car security.
"Every 1,800 lines of code have some bugs. Out of those, 80 percent have been found to be security vulnerabilities," Dotan said Monday during a presentation at the CAR Management Briefing Seminars. "The number of potential security vulnerabilities is 5,000 in a connected vehicle and 15,000 in an autonomous vehicle. That is mind-boggling."
Dotan cited hacks made on Fiat Chrysler, Audi, BMW, Tesla and Volkswagen vehicles.
Self-driving cars are likely to have more than 300 million lines of code -- roughly 20 times more than the 15 million lines in a Boeing 787 Dreamliner, he said. "The car has been the most complex transportation platform existing."
To prevent hackers from gaining control of connected vehicles through onboard computers that run the telematics, infotainment and powertrain systems, automakers need to stop relying on suppliers of electrical components for security, Dotan said. The suppliers often use industry best practices when writing code, and some of those practices are easily exploited, he said.
Dotan showed a short demonstration video made by Chinese company Tencent Keen Security Lab, in which a Tesla vehicle was hacked and remotely made to brake, causing the driver to lurch forward into the steering wheel.
Hackers can gain access to a car's computers in a number of ways, he said, such as through the infotainment or telematics systems. Even vehicles that were designed to prevent hacker access to safety systems are vulnerable.
Even though self-driving cars are years away, hackers are targeting some of the vehicles' electronic building blocks. To combat that, Dotan recommended that automakers ensure that electronic control units are "hardened" to detect unauthorized attempts to change the software.
One way to do that is to automatically have vehicle software revert to factory settings whenever it detects an unauthorized attempt to gain access. Dotan said automakers are not doing enough to prevent hackers gaining access to vehicles.
"Defense is the right measure," he said. "This is not something out of the future. It's happening now."
