The Cost of Complexity

Four thousand gigabytes. To even the average person, those numbers represent an enormous amount of data, more than most people can even think of using up in over a year. Most commercially sold computers often come with no more than 400 GB of storage, and in many cases that much is enough to last the device’s lifetime.

What then, can be said of a device that consumes 4,000 GB of data -per day, every day?

The device in question is the car of tomorrow. In the January 2017 issue of the SAE’s (Society of Automotive Engineers) magazine, predicted figures for the amount of data an autonomous car would have to process were given, with features such as the cameras, sonar, and lidar components of an autonomous car processing up to 70MB per second.

The processing of this staggering amount of data is no easy feat, and no doubt the autonomous vehicles of tomorrow will dwarf the cars of today in complexity. That being said, according to Nicole Perlroth of the New York Times “Today, an average car has more than 100 million lines of code. Automakers predict it won’t be long before they have 200 million.” Truly, the car of today is closer to a super-computer than the mechanical transportation device it originally began as.

The future of self-driving cars brings with it a whole array of benefits, but the devil is in the details – or in this case in the sea of code giving these cars their remarkable abilities. Immediately following the prior quote, Nicole says “…on average, there are 15 to 50 defects per 1,000 lines of software code, the potentially exploitable weaknesses add up quickly.” The message here is clear – the cars of today, and more so the future, are full of vulnerabilities. With the sheer number of lines of code present in their systems, the possibility of producing error-free automotive software is nigh mathematically impossible.

The typical target in vehicular cyber-attacks is therefore the code rich infotainment unit. To run the computing heavy multimedia and mapping applications handles by the module, fully fledged software is required, which due to its complex nature is prone to code bugs and defects.

A compromised infotainment unit is only the entry port. Due to the interconnected nature of vehicles, once hackers gain control of one edge node the entire network can be lost. Giving hackers easy control of all vehicular functions – including steering, breaking and acceleration.

The fact of the matter is, neglecting cyber security in vehicles is no longer an option. With every sensor in a car a potential attack surface, and the number of sensors on the average vehicle only expected to increase, more care needs to be put into ensuring their integrity. A single-faceted defense falls short too, with the unfortunate reality of cyber security being that there is no panacea, no one-trick-beats all solution to stopping cyber-attacks. Without a multifaceted, multi-layer cyber security approach the cars of tomorrow are doomed to devolve into unmistakable targets for malicious hackers, putting the lives, information, and privacy of riders at stake.