American car company Fiat Chrysler has recently issued a recall order for 1.4 million vehicles. The recall followed serious cyber-security concerns raised in a study by US experts Charlie Miller and Chris Valasek.
A series of trials run by the pair showed that these vehicles—automatically connected to the internet via the Chrysler UConnect system—were alarmingly vulnerable to external hacking attempts. Using a phone, Miller and Valasek were able to remotely identify a targeted vehicle, disable the brakes, slow and stop the engine, and play havoc with the car’s electronic interface.
The weaknesses identified are a recent development for the industry. Automakers have responded to consumer demand for connectivity by equipping cars with increasingly sophisticated electronics. Internet connection allows enhanced in-car entertainment and navigation features, and use as a wifi hotspot. These connectivity advances have been accompanied by other electronic features designed for improved safety, such as automatic brakes and locking.
Advances in security, however, have followed more slowly. As Miller and Valasek demonstrate, the connection used by a car’s entertainment system can be exploited by skilled hackers. Once inside the systems, there are few barriers between components—software can be re-written remotely to control, stop, and track the car. It may even be possible to take over the car’s system and use it to identify and control other cars in the network, moving through vehicles in the same way that computer hackers use botnets. Navigational functions can also be exploited, using false signals to “spoof” GPS devices. University of Texas researchers recently used a GPS unit to change the course of an $80 million dollar super-yacht without being detected by the captain.
- SPONSORED -
While manufacturers are increasingly aware of these concerns, they also face market pressure to add innovative new features. Security expert Josh Corman says, “If it takes a year to introduce a new hackable feature, then it takes four to five years to protect it.” Car theft using electronic keys is on the rise in the UK; in London, 42 per cent of all car theft is electronic.
The digitisation trend seems inevitable. Japanese electronics company Hitachi predicts that by 2020, 90 per cent of all cars will be internet-connected, and Google is pouring significant resources into developing self-driving cars, where zero driver input is required. Proponents of the new systems say that the features allow greater mobility and independence for people who would otherwise have difficulty driving. Greater automation can also help prevent accidents, as the impact of human error (from drunk, tired, or reckless drivers) is minimised. There is also hope that car-to-car interaction can be used to prevent gridlocks and increase efficiency, as cars will be able to remotely coordinate to optimise traffic flow.
In order to take advantage of these opportunities safely, industry groups as well as legislators will need to be vigilant. In the US, a Bill is currently being introduced to set new vehicle cyber-security standards. Miller and Valasek say that the auto industry must follow the lead of computer companies. They urge business leaders to invite budding hackers to work with corporations to identify bugs.
Other industry experts remain optimistic. Maciej Kranz (of Cisco’s Connected Industries Group) said in a recent article that current fears are disproportionate. He states that when you connect cars to the net, “Good things happen. More good things happen when you connect all of the systems.”