Automobile Software: Unsecure and not upgradeable

As a renter I get to try out a lot of new cars. This is somewhat disconcerting at times because if the UI is not intuitive, this causes me grief. I fumble around, trying to find a requirement, using my experience with other cars as my guide. This is common to not only cars but to any other object as well. One of the fancy features that almost all new cars have is the onboard entertainment system. Most have bluetooth connectivity. The car also have a myriad of independent computers, ranging from IR door unlocking to backup cameras. As a technologist I always wonder if these systems are secure. In the back of my mind I know they are not.

Since almost all cars now come with a network of computers, you really do not have much of a choice. Models for software upgrades taken from desktop and smartphone technology really do not fit the automobile, as many people, including our family, keep their vehicles for longer than 10 years. After 4 years, most desktops should be scrapped and re-imaged. After 2 years most smartphones are scrapped. Today’s operating systems release system updates on a weekly basis, and even then many users cannot keep up. Keeping up with system updates somewhat inoculates you against new viruses and other security threats. The faster you can update your software the more protection you get. Cue to the automobile industry and our propensity to keep cars for over 10 years.

How does your car’s software get updated? As far as I can tell, auto makers are looking into the issue but very little has been implemented. In the mean time they continue to sell cars and software. it sounds like Ford will ship a USB drive to all its customers. How often will that happen? Shipping physical USBs is not only expensive and error prone but also slow. Updates would be obsolete even before they were rolled out. There has to be a better way.

Maybe one method might be to allow technology companies to take care of the technology portion of the car:

The fact of the matter is, I don’t entirely trust a car company to fundamentally hack the problem of on-board infotainment UI, any more than I trust TV companies to hack the problem of TV interfaces. Much the way that I begin to think the iPad could be the brains of your TV, I begin to think we might be better off if an Apple or a Google came to own that bit of space on your dashboard that Ford users have been pressing in frustration over the past year.


Only a few cars have wireless internet connectivity. How would you even connect the internet to non-internet connected cars? There are many issues to contemplate.

In the news article Cars vulnerable to hackers just part of the car cost circle of life Andrew Clark touches on new technology and how to upgrade it.

Self-Driving Car Cost Circle

  1. Companies introduce technological innovations that promise to free us from such burdensome tasks as paying attention while driving our cars. These new technologies aren’t free. In fact, they’ll cost a lot but think of all the effort we’ll save. No more having to pay attention while driving!
  2. Not long after we’ve all adopted them, it turns out that these technologies are vulnerable to terrible criminal misuse. Not to worry though, there is an easy solution – more technology. It costs more money but it’s worth it for the peace of mind that comes from knowing the technology we bought before is safe.
  3. A week after we’ve bought everything we need it’s discovered that all the technology we bought is out of date and we need to buy more technology.
  4. The cycle repeats.


While this cycle might seem a tad simplistic, the problem remains: How to upgrade software on an as-needed basis, be it daily or hourly. As an exploit is detected, and a fix is coded, this fix should be deployed as quickly after testing as possible. This is now to keep up with the cat and mouse game of security. The Linux/Ubuntu and open source software update system might be of great value and applicable to car software as well.

While it might be agony if and when you laptop crashes due to a virus, a similar hack in a car might literally kill you. More security, testing and reliability are required. Redundant systems are not out of the question. It seems like automobile manufacturers are so unprepared to handle the hacking of their computer systems yet they continue to sell their products “as is”. What happens in 5 years time when technology has moved on and your car is now very vulnerable to a well known and therefore Internet published hack? What happens if a hack causes you to inadvertently crash your car?

There are so many questions and few answers, so far. As cars evolve each year, the problem will only get worse. Computer security is too fluid to simply stand still.

Leave a Reply

Your email address will not be published. Required fields are marked *