Could the Kill Switch Solution for Connected Cars Be a Death Sentence?September 19, 2019
GuardKnox’s Response to the Kill Switch
Although autonomous cars may be at least a decade away, many may be surprised to learn that any car built after 2003 is susceptible to cyber hackers and security should still be a key concern. These vehicles contain interconnected technology even though the functions and features may seem rudimentary or outdated by 2019’s standards. Meaning, they can easily be turned into moving weapons by malicious hackers, putting passengers, other vehicles and pedestrians in danger. Depending on the connected car’s features, cybercriminals can hack into the vehicle’s embedded systems to listen in on conversations, steal personal data, or even control the vehicle and cause it to crash.
There is currently no official standard for vehicle cybersecurity. Auto cybersecurity must be a top priority as vehicles become increasingly connected, and cyberattacks proliferate year over year. By 2023, in-vehicle commerce opportunities will drive the total number of smart vehicles above 775 million, according to a report by Juniper Research. OEMs and other auto companies are racing to provide the best solutions to keep consumers safe and their property protected from cyberattacks.
Recently, a Consumer Watchdog report, “Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off,” pointed out that fleet hacks of connected vehicles could become full-blown major national security threats that endanger all drivers on the road and beyond. Imagine a large fleet of connected trucks and their cargo being held hostage for ransom until they get paid, or them stopping traffic with the fleets or even ramming other cars off the roads. According to the report, a fleet-wide hack could cause approximately 3,000 deaths just from the one breach.
The Consumer Watchdog’s proposed solution is for all vehicles to have internet kill switches which would allow drivers to choose whether or not they want their vehicles to be connected.. While we applaud raising concerns about auto cybersecurity and are glad that this report emphasizes the associated dangers of this problem, the solution is not feasible given modern vehicle architecture and the importance that connectivity provides to automobile manufacturers.
The biggest misunderstanding is that vehicles are not just connected for infotainment purposes; cars have connectivity for telemetry, GPS tracking, performance tracking, and more. First, disconnecting screens would not work with modern vehicle architecture; consumers could potentially lose full functionality of their vehicle depending on the brand. Moreover, OEMs are constantly collecting data from current cars on the road to improve and optimize the next vehicle model with strategic upgrades from data-driven decisions such as better horsepower, better mileage, or more functional software options.
In short, a kill switch would inhibit a lot more than just infotainment, which is considered only a secondary benefit of a connected vehicle from the OEM perspective. A kill switch may not even allow some cars to turn on without the connectivity. Second, OEMs would be jeopardizing their own business by putting key data collection at stake, which would hinder their innovation and ability to improve the consumer experience.
Furthermore, the kill switch solution is predicated on the notion that something malicious has already infiltrated the vehicles' cybersecurity defenses. Whenever the driver inevitably turns off the kill switch to use connectivity again, even for just five minutes, that malicious actor can resume its attack and it is likely already too late for mitigation. Similar to malware on a laptop, disconnecting only momentarily delays the problem, but does not ultimately solve it. There is no silver bullet for replacing computer security and certainly none for the complexities of auto cybersecurity. Moreover, by the time the driver detects a problem, it would likely be too late to effectively use a kill switch.
The GuardKnox Approach
GuardKnox’s approach to vehicle security is specifically architected (patented Service-Oriented Architecture) to integrate seamlessly with the moving platforms’ embedded systems. It is built on the same foundational methodology that protects fighter jets. The GuardKnox design and patented technologies completely isolate safety-critical systems from non-safety critical (using hypervisors, separation kernels and partitioning) so that if one service or application should be comprised, it is not used as a stepping stone to penetrate safety critical systems / all others are not affected
The GuardKnox solution platform only allows approved communication to pass through the vehicles various systems instead of protecting every individual attack vector (of which there are many). We are able to achieve this through our patented Communication Lockdown™ Methodology which parses and lock down all communication between gateways, domain controllers and ECUs to ensure that every message is legitimate. Guardknox’s platform provides the type of digital safety and security that will enable widespread vehicle connectivity to fully realize its potential.
GuardKnox offers a deterministic model to cybersecurity, a specialized way to protect moving vehicles where enterprise cyber does not suffice, and where there is no active learning involved; all the learning has already been done before a passenger steps into the vehicle. This is applied through our Lockdown™ Methodology, the safest automotive security method that eliminates risks to the safety and security of smart vehicles while offering both flexibility and scalability.
Consumers do not need a kill switch, they need aviation-inspired cybersecurity that secures moving platforms to best protect themselves and their loved ones on the road.