麻豆传媒

Skip to main content

New report highlights potential cybersecurity risks with electric, automated vehicles

FILE - In this Thursday, Aug. 18, 2016, file photo, Uber employees test a self-driving Ford Fusion hybrid car, in Pittsburgh. (AP Photo/Jared Wickerham, File) FILE - In this Thursday, Aug. 18, 2016, file photo, Uber employees test a self-driving Ford Fusion hybrid car, in Pittsburgh. (AP Photo/Jared Wickerham, File)
Share

As more electric, automated and connected vehicles hit global roads in the , a new by Deloitte Canada details how cybersecurity risks could emerge for Canadian drivers.

The report roadmaps how the development and implementation of cybersecurity measures should be applied to advanced transportation technologies, which are becoming increasingly capable of storing personal information about drivers and passengers, and of being controlled and accessed by remote devices.

鈥淢odern vehicles are super-computers on wheels,鈥 said Stephen Meagher, director of cybersecurity and IOT and risk advisory at Deloitte, in a phone interview with CTVNews.ca Wednesday.

鈥淭here are hundreds if not thousands of developers of parts manufacturers -- from small chip manufacturers and firmware development all the way to control units and mobile applications that can connect to vehicles,鈥 he explained.

Meagher said that evolving and multifaceted technology ultimately increases what is called 鈥渢he attack surface area.鈥 This is described as systematic vulnerabilities, or cybersecurity gaps that widen the likelihood of a device being compromised.

For instance, 鈥渧ehicles now come with mobile applications -- whether that be for direct control and access of the vehicle or control of several vehicles,鈥 he said.

This mobile access, he explained, can introduce risks far beyond data privacy breaches.

The report identifies an incident last year when 25 automated vehicles that were owned by a transportation company were hacked and remotely accessed.

鈥淭he teenaged hacker was able to determine each vehicle鈥檚 exact location, whether it was occupied by a driver, and, most significantly, run commands on it remotely,鈥 the report explained.

Other cyber risks that Deloitte鈥檚 report identifies include GPS tracking and stalking, targeted malware, and control of vehicle acceleration and braking.

With vast advancements in automated transportation tech, the report warns that hackers could become more capable of operating cars remotely.

According to the report, in 2021, 84 per cent of cyberattacks on vehicles were carried out remotely. Over 50 per cent of cybersecurity-related automotive incidents 鈥渆ver reported鈥 had occured in the last two years, according to the company鈥檚 research.

Deloitte鈥檚 report also states that the 鈥渞ise in automotive cyber incidents is predicted to keep growing.鈥

The reason cited for this growth is the increasing amalgamation of hardware and software components. 鈥淚n many instances, responsibility can fall on multiple stakeholders within the automotive supply chain,鈥 it reads.

Meagher suggests that a shared responsibility of all part manufacturers is required to mitigate cybersecurity risks.

鈥淥ur approach to this is that, whether you be a fleet owner, a manufacturer, or a government [determining the] regulation of data privacy in a country, it鈥檚 the responsibility of all of those parties to make sure that, holistically, we have a good cybersecurity stance to make this market move forward,鈥 Meagher said.

Meagher said that vehicle manufacturers, fleet owners, and city jurisdictions need to start considering how they can better ensure the safety of their drivers 鈥 namely, by better understanding each individual part that makes up a vehicle, and collectively evaluating the risk each part brings forward.

鈥淏ecause they鈥檙e not inherently part of the normal instructure for the automotive supply chain, there have been several shortcomings in the security and development of those applications,鈥 he said. 鈥淲e need to ensure that the multiple components of a vehicle are secure to and from each other."

LEGAL TERRAIN OF CYBERSECURITY

Some of this 鈥渟hared responsibility鈥 can eventually fall upon cybersecurity legislation, said Helene Deschamps Marquis, partner and national leader of data privacy and cybersecurity at Deloitte Legal Canada. However, no laws of this nature currently extend to automated vehicles.

Some preventative measures, she said, can lead the way.

Marquis, who specializes in cybersecurity breaches and privacy compliance laws, spoke to CTVNews.ca in a phone interview Wednesday about a philosophy called, 鈥溾 -- an approach to technology legislation that promotes embedding privacy design and cybersecurity measures within the architecture of IT systems and business practices. The approach differs from adding ambiguous consent options that can easily be overlooked by a user.

In June of this year, the , 2022 -- Bill C-27 -- was introduced by Canada鈥檚 federal government, pledging (if passed) to enforce 鈥減rivacy by design鈥 measures, which would be upheld within automation and artificial intelligence technology industries.

鈥淭hese measures,鈥 Marquis said, 鈥渨ould extend to transportation.鈥 .

But when it comes to car manufacturers, 鈥減rivacy by design鈥 will also depend on the type of information that is gathered, she explained. This information is what widens the 鈥渁ttack surface area鈥 of a vehicle.

鈥淭he reality of these autonomous vehicles is not clear yet. It鈥檚 not clear how they鈥檙e going to use the data. It鈥檚 not clear how they鈥檙e going to use AI [to collect it].鈥

Future legislation, she explained, will depend on how [the technology] develops, and how each manufacturer deals with [the risks].鈥

At the end of the phone interview, Marquis pointed out that human error is not the real threat here.

鈥淎I needs to be ethical,鈥 she said. 鈥淎nd we need to know how it makes decisions.鈥

CTVNews.ca Top Stories

A team of tornado experts is heading to Fergus, Ont. after a storm ripped through the area Sunday night.

Why brain aging can vary dramatically between people

Researchers are uncovering deeper insights into how the human brain ages and what factors may be tied to healthier cognitive aging, including exercising, avoiding tobacco, speaking a second language or even playing a musical instrument.

Local Spotlight

For the second year in a row, the 鈥楪ift-a-Family鈥 campaign is hoping to make the holidays happier for children and families in need throughout Barrie.

Some of the most prolific photographers behind CTV Skywatch Pics of the Day use the medium for fun, therapy, and connection.

A young family from Codroy Valley, N.L., is happy to be on land and resting with their newborn daughter, Miley, after an overwhelming, yet exciting experience at sea.

As Connor Nijsse prepared to remove some old drywall during his garage renovation, he feared the worst.

A group of women in Chester, N.S., has been busy on the weekends making quilts 鈥 not for themselves, but for those in need.

A Vancouver artist whose streetside singing led to a chance encounter with one of the world's biggest musicians is encouraging aspiring performers to try their hand at busking.

Ten-thousand hand-knit poppies were taken from the Sanctuary Arts Centre and displayed on the fence surrounding the Dartmouth Cenotaph on Monday.

A Vancouver man is saying goodbye to his nine-to-five and embarking on a road trip from the Canadian Arctic to Antarctica.

Stay Connected