With the recent spate of car hacks, how worried are you that you and your car may become victims of cyberhacking? You’re right to be concerned, as the vulnerabilities of automakers’ systems have been exploited by hackers – black hat and white hat alike. But just how immediate is the threat? More important, what’s being done about it?
Protecting your car from hackers takes priority, from being aware of the vulnerabilities to staying informed about pending legislation that may help protect consumers from would-be hackers. The pending bill in the U.S. Senate would create the first-ever automotive cybersecurity standards.
In the meantime, high-profile car hacks point up the urgency of the situation. As Forbes contributor Doug Newcomb said in an August 10 piece in the magazine, the consistent thread in the recent attacks is that they come from the IT industry “and those who stand to benefit in some form from the uproar.”
Two guys working on connected car security in connection with DARPA for the past few years, Charlie Miller, a Twitter security engineer, and Chris Valasek, IOActive head of vehicle security research actually kick-started the current furor over car hacking. The pair deliberately exploited a– in a car driven by another Forbes’ writer, and followed that with yet another hacking stunt: remotely accessing critical systems in a 2015 .
Following these two hacks, Fiat Chrysler Automobiles (FCA) issued a security patch for the UConnect system involved in the hack, later issuing a formal recall of 1.4 million vehicles to correct the flaw.
There’ve been two more high-profile hacks since. One involved Samy Kamkar, a security and privacy researcher who showed vulnerability in the GM OnStar mobile app that allowed a hacker (Kamkar) to remotely unlock and start a vehicle. Kamkar developed a device he calls “OwnStar” that allows this to occur. Then, Kamkar began working with OnStar to fix the flaw. Subsequently, GM issued a security patch to address the situation.
Next, two Cloudflare colleagues found a half-dozen flaws in thethat made it possible for hackers to gain control of the vehicle’s infotainment system and – even more frightening – the researchers were able to turn off the car while it was being driven.
But Kamkar wasn’t done after his GM OnStar hack. He’s now got a new device he calls “Rolljam” that can take advantage of vulnerabilities in car keyless entry systems. This tiny gadget is about the size of a wallet and can be hidden anywhere on or under a car, unbeknownst to the vehicle owner. Kamkar says that at least one chipmaker (companies that make the computer chips that go into the keyless entry systems) has fixed the issue, although Kamkar said his device worked on a number of cars he tested, including the main vehicle he used to test his hack, a. Stating that automakers have ignored this vulnerability for too long, he hopes this latest hacking stunt will bring new urgency to the situation and prompt them to act to fix the security holes.
What’s next? Will the car in your garage or your son or daughter’s car being driven to and from school be prey to criminals or would-be terrorists? Is this taking the fear too far? What about the industry and governmental push for connected cars? What’s looming in that scenario that hackers can – and probably will – try to exploit?
This isn’t meant to create hysteria over imminent car hacks. That’s not the situation now. But the vulnerabilities are real – and consumers, the government and automakers can and should be aware of and begin seriously addressing this looming threat. After all, it could potentially affect the safety and well-being of millions of drivers. As a cascading effect, not only would this potentially collapse consumer confidence in the vehicles automakers design and build, it would also make the U.S. yet more vulnerable to exploits of terrorism by those bent on destroying Western society.
What Solutions Do You Favor?
We’re curious here, and this is just our throwing this question out there, what solutions do you favor to curb automotive hacking? Do you think stricter laws are the way to go? Do you think it’s the responsibility of chip makers or automakers or both to find and thoroughly test systems so that hacking a car is impossible? Is it a combination of all of these or something else?
Suppose it’s not white hat cyber researchers but criminals and terrorists who actually conduct wide-scale vehicle hacks? Would your opinion change then? What should be the punishment for such actions?
In addition, how much would you pay for a totally hack-free vehicle? Or do you believe that built-in cybersecurity should be part of what you’re already paying for in the vehicle, whether it’s a compact commuter car or a heavy-duty pickup?
Finally, what would give you the confidence that whatever hackers come up with, the automaker who built your vehicle will rise to the occasion and proactively address it with a rock-solid fix? Keep in mind that today’s and tomorrow’s vehicles are increasingly complex and interconnected. Anything can go wrong and there are likely to be many more hacks exposed before truly workable solutions can be tested and implemented. Even then, the hackers will try to stay steps ahead of the industry. It’s going to be an interesting ride.
Bottom line: Stay informed. Follow potential legislation and if your vehicle is the subject of a recall to fix security flaws, take it in promptly and have it taken care of. Do your part to keep car hackers at bay.