In disturbing news, two computer-security researchers demonstrated they can take control of a moving Jeep Cherokee using the vehicle’s wireless communications system. The cyberattack demonstration comes amid growing concerns over just how susceptible U.S. automobiles really are to hackers taking control of vehicles or accessing motorists’ private information.
The two researchers, Charlie Miller, a Twitter employee, and Chris Valasek, a director at security firm IOActive, demonstrated in an article and video published in Wired magazine how they can wirelessly access a vehicle’s systems, a Wall Street Journal article reports. The two have kept some of the flaws they uncovered to themselves to prevent copy cats from taking action. However, they do show in a video that they can effectively disengage a car’s transmission or, when it’s moving at slower speeds, its brakes.
The New York Times reports Miller and Valasek plan to demonstrate at the annual Black Hat and Def Con hacking conferences in Las Vegas next month how, after two years of research, they also discovered a way to control hundreds of thousands of vehicles remotely.
Interestingly, Miller defends releasing the information, arguing he is improving auto safety by drawing attention to the issue.
“I’ve done a lot of research, but this is the first time I’ve been truly freaked out,” Miller said in a phone interview with The Wall Street Journal. “When I could hack into a car in Nebraska driving down the freeway, I had that feeling, ‘I shouldn’t be able to do this.’”
In the meantime, Fiat Chrysler, the Jeep manufacturer, has reportedly been in contact with the hackers for months, and released a software patch last week to fix the security flaw. Consumers must either take their vehicle to a dealership or use a USB stick to obtain the update.
This isn’t the first time the issue of hacking connected cars has come under scrutiny, however. Last winter, in light of studies demonstrating how hackers can infiltrate vehicles to gain control of steering, braking and other functions, staff for Sen. Edward Markey (D., Mass.) queried more than a dozen auto manufacturers. What they found, is that almost all the cars on the market today are vulnerable to “hacking or privacy intrusions” while most automobile manufacturers are unaware of—or unable to report on—past hacking incidents, says Sen. Markey in his office’s resulting report.
Senators Markey and Richard Blumenthal (D., Conn.) on Tuesday introduced legislation that would require NHTSA officials and the Federal Trade Commission to develop standards for securing vehicles and protecting consumers’ privacy, The Wall Street Journal article reports. The legislation would also create a “cyber dashboard” ratings system to inform consumers how well a vehicle protects against hackers.
“Drivers shouldn’t have to choose between being connected and being protected,” Sen. Markey said in a statement. “We need clear rules of the road that protect cars from hackers and American families from data trackers.”
I was also interested to see the Alliance of Automobile Manufacturers (AAM), a trade group that represents 12 major automakers, announce it’s creating an Information Sharing and Analysis Center (ISAC). This center, expected to be up and running later this year, will enable participating companies to swap cyber-security data and keep each other abreast of the latest hacking threats targeting vehicles. As the threat-sharing hub matures, AAM expects other companies related to vehicle manufactures—such as auto part suppliers, telecommunication providers and even tech companies—to join the hub.
“We’re acting now to get ahead of the curve,” says Robert Strassburger, vice president for vehicle safety at AAM. “The goal is to further enhance the industry’s on-going efforts to safeguard vehicle electronic systems and networks.”
Considering the potential from hackers gaining control of vehicles wirelessly, I think legislation requiring NHTSA officials and the Federal Trade Commission to develop standards for securing vehicles and protecting consumers’ privacy is a good call. I also think AAM’s center is a great idea, and look forward to learning more about it.