Every time the conversation turns to auto autonomy and interconnectivity, hackles get raised over hacking, but it’s been all bark and no bite, until now. Although the concern is cited in conversation every time the new tech is debated, it hasn’t been brought up in articles and announcements showcasing the latest auto integrations of responsive and interconnected technologies.
In our previous articles on autonomy and interconnectivity, none of the resources cited addressed hacking. Neither manufacturers nor government agencies have had much to say about the virtual threat, and now that’s coming back to bite them.
Road Test
Last month, Chris Valasek, Director of Vehicle Security Research for IOActive, and Charlie Miller, Security Researcher for Twitter, hacked into a Jeep Cherokee driving 70mph on the highway outside of Saint. Louis. You can read the whole article on Wired.com. At the Black Hat conference taking place in Las Vegas this week, the researchers plan to discuss in detail how and why the car was–and is–vulnerable to access from hackers anywhere in the country.
The pre-warned, but still completely freaked out driver, Andy Greenberg, senior writer for WIRED, was bombarded by poltergeist-like attacks on his AC, radio, windshield wipers, and eventually on the car’s digital display. Then the hackers cut the car’s transmission. As Greenberg lost complete control and others cars began piling up behind him, he found himself completely immobile in the middle of the highway, keeping calm, but seriously scared.
Ignorance Isn’t Bliss
The scandalous reveal of this auto-vulnerability has led to a lot of finger-pointing and panic. Much of it is justified, as hacking isn’t a new or unknown threat. According to USA Today, at the Black Hat conference last year, multiple workshops addressed the threat posed by connecting never-before networked systems and machines, from cars to refrigerators, to online access.
Learn more about our vehicle shipping services.
In 2011, a drone showcased at the DefCon hacking conference was already cracking Wi-Fi networks and intercepting phone conversations and texts, completely unawares to the communications provider and the customer. Electronic information is captured at a wide range, far beyond the intended target, including those who have neither accepted, nor have any awareness of, this intrusion upon their privacy.
According to a 2013 February report, “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk” by Senator Ed Markey, automakers have overlooked or ignored taking appropriate action toward anti-hacking measures.
Markey sent letters to automakers asking about the prevalence of these interconnected technologies in their vehicles, and they were doing to secure against hackers who could take control of a vehicle. Those who responded (16 of 20 engaged) confirmed every vehicle had some kind of internet connectivity, from Bluetooth to radios, but only seven had engaged specialists to test the cars’ security, and only two said their cars contained malicious digital command monitoring systems.
“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone, said Miller.
What the Hack?
Automakers are rushing to recover from accusations of apathy and ignorance. The drive (and demand) has been to develop cars that are smarter and more efficient, but both the unique and untried aspects of this new tech have left some gaping holes in safety structures.
At the end of July, Chrysler issued a formal recall for 1.4 million vehicles that might be affected by this vulnerability. A statement on their Web site said that vehicle software can require updates just like a smartphone or tablet. The update is available to car owners via USB or a download.
In 2014, Miller and Valasek released a report stating the likelihood of an attacker remotely accessing a vehicle and how they might influence the car remotely. They also shared their research with Chrysler ahead of the revealing road test, allowing Chrysler to develop the patch in advance. Responding to the recall announcement in a WIRED, Miller stated, “I was surprised they hadn’t before and I’m glad they did.”
Despite the response, the fact remains that this crucial component of vehicle connectivity wasn’t taken seriously until now. Last week, three Jeep Cherokee owners filed a complaint against both Fiat Chrysler Automobiles and Harman International (the maker of Chrysler’s dashboard computer), accusing them of fraud, negligence, unjust enrichment and breach of warranty. The plaintiffs argue that the companies knowingly sold to customers vehicles with a serious security defect and that the patch does not solve the underlying problem.
You’ve Got Maleware
The Internet connections in a car’s computer mainly controls entertainment, communication, and navigation and warning systems. But according to Miller and Valasek, this wireless access lets anyone who knows the IP address to virtually get inside the car, from anywhere in the country. Vehicle hacking isn’t just a software problem that can be patched, it’s an issue of awareness and responsibility of the measures that need to be taken to protect consumers before newly outfitted electronics hit the road.
Just a week after the road test hit the Internet, a new bill was introduced in the Senate to address automotive cybersecurity standards. The bill would direct the National Highway Traffic Safety Administration to establish minimum security levels for any driver controls connected to vehicle communications software.
Although it’s sobering that this issue has been ignored for so long, we’re pleased manufacturers and legislators are taking action (better late than never). While we expect to eventually reach an acceptable level of virtual safety, the race may be on for a while between hackers and patchers, especially after Miller and Valasek reveal the details of their research at the conference this week.
Don’t hesitate to get your free auto shipping quote
