It’s inevitable, so what are manufacturers going to do?
By Raif Karerat
WASHINGTON, DC: Cyberattacks that hack into the digital systems of cars are inevitable in the near future, experts told The Washington Post, with it just being a questions of “when the right hacking skills end up in the hands of people with sufficient motives.”
According to The Post, security researchers Charlie Miller and Chris Valasek demonstrated earlier this week that they could hijack a vehicle over the Internet, without any dealership-installed device to ease access. By hacking into a 2014 Jeep Cherokee, the researchers were able to turn the steering wheel, briefly disable the brakes and shut down the engine.
“When there are unintended consequences and your computer crashes, that’s one thing,” said Ashkan Soltani, chief technologist for the Federal Trade Commission, which issued a report in January warning of the security and privacy issues of the Internet of Things. “When there are unintended consequences and your car crashes, that’s a totally different ballgame.”
The two researchers also found easily accessible links to thousands of other privately owned Jeeps, Dodges, and Chryslers that feature a proprietary wireless entertainment and navigation system called Uconnect. Valasek and Miller said they could, by merely typing the right series of computer commands, hack into these vehicles, almost anywhere they might be driving.
“They haven’t been able to weaponize it. They haven’t been able to package it yet so that it’s easily exploitable,” said John Ellis, a former global technologist for Ford. “You can do it on a one-car basis. You can’t yet do it on a 100,000-car basis.”
If a hacker-proof car was designed today, it wouldn’t be able to reach dealerships until sometime in 2018, The Post’s experts postulated, and it would remain hacker-proof only for as long as its automaker kept providing regular updates for the underlying software — an expensive chore that manufacturers of connected devices neglect all too often.
“If we’ve learned anything from the Internet, it’s that it’s clearly going to happen,” said Kathleen Fisher, a Tufts University computer science professor and security researcher. “Now that we know it’s going to happen, can’t we do something different?”