Wireless hacking, or cyber hacking, is the newest threat to our privacy and now, it would seem, to our ability to drive safely. The wireless features that allow us to call in for help, connect wirelessly to our music, and other features are part of the technology that supposedly enhances our driving experience. What we are learning now is how vulnerable these features make us to cyber hackers – at least with certain makes and models. With the right software, hackers can turn on your car stereo, disable your brakes and control the speed of your car from anywhere in the world. That’s great news, is it not?
The discovery is linked, in part, to the work of Charlie Miller, a security researcher for Twitter and a former NSA hacker, and Chris Valasek, the director of vehicle security research at the consultancy IOActive. The two men got a grant to study computer hacking in automotive vehicles. Their current work focuses on the vulnerability of Jeep Cherokees, a move that has upset Fiat Chrysler. The company had been in touch with the researchers/hackers for months but was upset at the public revelations of the vulnerability of the Uconnect system.
This week the Jeep manufacturer released a software patch it said will fix the security flaw. Jeep owners need to take their vehicle to a dealership or use a USB stick to manually install the update themselves.
There have been stories about these cyber attack possibilities for several years; this concern is rising as more automakers install wireless connections in vehicles. In addition to the Uconnect system used by Fiat Chrysler, there are a number of other ‘telematics’ systems, including GM Onstar, Lexus Enform, Toyota Safety Connect, Hyundai Bluelink, and Infiniti Connection.
On Tuesday, Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced the Security and Privacy in Your Car Act, or the “SPY Act,” which would require automobile manufacturers to build IT security standards into cars with wireless connections.
“The same kinds of advances in technology that can bring us enormous benefits of wireless connections can also guarantee our privacy and security,” Blumenthal said in an interview with The Huffington Post. “It is essential to preventing hackers from taking over and controlling cars.”
If the bill were to become law, the SPY Act would instruct the National Highway Traffic Safety Administration and the Federal Trade Commission to create IT security and privacy standards for vehicle electronics and associated in-vehicle networks.”
Senator Markey has been following the work of Miller and Valasek for several years. He decided to follow up on their 2013 hacking demo by contacting 20 automotive makers about the security of their vehicles. Of the 16 automakers that responded, “only seven of the companies said they hired independent security firms to test their vehicles’ digital security. Only two said their vehicles had monitoring systems that checked their CAN networks for malicious digital commands.” (Wired.com, 7-21-15)
Markey and Blumenthal have a track record for holding the NHTSA accountable and drafting legislation to create safer standards for the automotive industry. This latest legislative move is likely to be tough. Automakers will have to develop new standards to protect consumers’ safety and their privacy. We can expect some pushback from the automotive industry on this.
If you want to read Andy Greenberg’s experience of driving a Jeep Cherokee while Miller and Valasek hacked into its wireless system, here’s the link.