All the top 2020 cars have Internet connections to safety critical systems that leave them vulnerable to fleet wide hacks. That's the principal finding of a new study called Kill Switch from the U.S.-based advocacy group Consumer Watchdog.
The top ten car brands in the U.S., accounting for 95% of sales, all sell Internet-connected cars. GM, Toyota and Ford will only sell Internet-connected cars by the end of this year.
According to the Kill Switch report, industry technologists they spoke to on condition of anonymity believe these vehicles’ safety-critical systems are being linked to the Internet without adequate security and with no way to disconnect them in the event of a fleet-wide hack.
Most connected vehicles share the same vulnerability. The head unit (sometimes called the infotainment system) is connected to the Internet through a cellular connection and also to the vehicle’s CAN (Controller Area Network) buses. This technology dating to the 1980s links the vehicle’s most critical systems, such as the engine and the brakes.
According to the report, millions of cars on the Internet running the same software means a single hack could affect millions of vehicles at the same time. The report explains that the smartphone technology being used was never designed to protect safety-critical systems.
"A plausible scenario involving a fleet-wide hack during rush hour in major U.S. metropolitan areas could result in approximately 3,000 fatalities, the same death toll as the 9/11- attack," the report claims.
The solution, Consumer Watchdog says is a 50-cent kill switch in every car that would allow "consumers to physically disconnect their cars from the Internet and other wide-area networks".