Why We Need To Have It Out Over Hacking
Hacking is a frequent topic of conversation when it comes to auto autonomy or interconnectivity. But, it has been all bark and none bite up until now. While the concern is raised in conversations about new tech, it is not mentioned in announcements and articles showcasing the most recent auto integrations of responsive or interconnected technologies.
None of the resources mentioned in our earlier articles about autonomy and interconnectivity addressed hacking. Manufacturers and government agencies didn't have much to say about this virtual threat. Now it's back to bite them.
Last month, Chris Valasek (Director of Vehicle Security Research at IOActive) and Charlie Miller (Security Researcher for Twitter), hacked into a Jeep Cherokee that was driving 70 mph on the highway just outside of Saint. Louis. The entire article can be found at Wired.com. The Black Hat conference will take place in Las Vegas this week. Researchers plan to discuss in-depth how and why hackers can access the car from anywhere in the country.
Andy Greenberg (senior writer at WIRED), was pre-warned but still totally freaked out and was subject to poltergeist-like attacks against his AC, radio and windshield wipers. The hackers then cut the transmission of the car. Greenberg was unable to control his car and other cars started following him. He found himself immobile on the highway. He tried to stay calm but was very scared.
Ignorance isn't bliss
There has been a lot of panic and finger-pointing since the shocking revelation of this auto-vulnerability. Many of the panic is justified as hacking is not a new threat. USA Today reports that at last year's Black Hat conference, numerous workshops dealt with the threat of connecting machines and systems to the internet. This includes everything from cars and refrigerators to computers.
Find out more about our vehicle transport.
A drone that was displayed at the DefCon hacking conference in 2011 had already cracked Wi-Fi networks, intercepted phone conversations and textes without the knowledge of the communications provider or the customer. Electronic information can be captured from a large range of people, even those who are unaware or have not accepted this intrusion on their privacy.
According to a Senator Ed Markey report in February 2013, "Tracking & Hacking, Security & Privacy Gaps Place American Drivers at Risk," automakers have either ignored or failed to take appropriate anti-hacking steps.
Markey wrote letters to automakers to inquire about interconnected technologies in their vehicles. They were also doing everything they could to protect against hackers who could control a vehicle. 16 of the 20 respondents confirmed that all vehicles had some form of internet connectivity. However, only seven of them had hired specialists to examine their security and only two of them claimed that they had malicious digital command monitoring devices.
"Consumers should be aware that this is a problem and should complain to carmakers. Miller said that this could be the software bug most likely causing death.
What is the Hack?
Automakers are trying to overcome the accusations of ignorance and apathy. While the drive (and demand), has been to create smarter, more efficient cars, both the untested and unique aspects of this tech have created gaps in safety systems.
Chrysler issued a recall on 1.4 million vehicles at the end of July for this vulnerability. According to their Web site, vehicle software may need updates in the same way as a tablet or smartphone. Owners of cars can download or use the USB to update.
Miller and Valasek published a 2014 report that stated the possibility of remote access to a vehicle by an attacker and suggested how they could influence it remotely. The researchers were also shared with Chrysler before the road test that revealed the vulnerability, which allowed Chrysler to create the patch ahead of time. Miller responded to the recall announcement in WIRED. He stated that he was surprised that they hadn't done so before and that he's glad they did.
Despite this response, it is clear that this critical component of vehicle connectivity was not taken seriously up until now. Three Jeep Cherokee owners filed a complaint last week against Fiat Chrysler Automobiles as well as Harman International, the maker of Chrysler's dashboard computers. They accused them of fraud and negligence, unjust enrichment, and breach of warranty. Plaintiffs claim that companies sold vehicles to customers with serious security defects and that the patch doesn't solve the problem.
Maleware is here
The Internet connection in a car's computer controls entertainment, communication and navigation as well as warning systems. Miller and Valasek claim that anyone with an IP address can access the car from any part of the country. Vehicle hacking isn’t a problem with software that can be fixed. It’s a matter of awareness and responsibility about the steps that must be taken to protect consumers from newly-equipped electronics before they hit the roads.
A new Senate bill was introduced to address automotive cybersecurity standards, just a week after the road test went live. The bill would direct National Highway Traffic Safety Administration (NHTSA) to set minimum security levels for all driver controls that are connected to vehicle communication software.
It's sad that this issue has been neglected for so many years. However, manufacturers and legislators are starting to take action (better late than never). Although we believe that virtual safety will eventually be acceptable, hackers and patchers may still be in a race, especially after Miller, Valasek, reveal details of their research at this week's conference.