Can automakers build hacker-proof cars?

What could hackers do with Internet-connected cars, and how can they be prevented?

|
Richard Drew/AP/File
The 2014 Jeep Cherokee Limited is displayed at the New York International Auto Show on March 27, 2013. Cybersecurity researchers recently hacked a Jeep Cherokee and took control over all the car's functions, bringing renewed attention to the security implications of Internet-enabled cars.

What’s worse than a backseat driver? A remote one, who takes the wheel by hacking into your car’s computer.

Wired’s Andy Greenberg described how cybersecurity researchers Charlie Miller and Chris Valasek hacked his Jeep Cherokee from 10 miles away, causing it to slow to a crawl in the middle of a busy highway. Previously, Mr. Miller and Mr. Valasek had successfully hacked cars from the backseat with their laptops plugged into the diagnostic port, but their new achievement highlights the unique vulnerability of Internet-connected cars.

"There are hundreds of thousands of cars that are vulnerable on the road right now," Miller told Reuters.

As Web-connected cars become the norm, some car manufacturers have been working to preempt the heightened risk of invasion. CNN Money reported last year that Ford, Toyota, and Tesla have all taken steps to safeguard systems.

Ford and Toyota have built protective firewalls built into their hardware and hired teams of hackers to hunt for weak spots. Toyota has also installed chips in cars’ computers to narrow communication and bolster safety.

Tesla has a "responsible disclosure" program that gives hackers incentives to disclose their findings with the company. Valasek also noted last year that Tesla sends its software updates wirelessly, meaning drivers do not need to bring their cars in to have it done on site.

The problem, CNN Money reported, is that all of the computers in a vehicle are connected, meaning a breach into one part of the car gives easy access to others – a problem that vehicle-to-vehicle communication systems and self-driving cars could exacerbate.

The government is taking steps as well. Wired reported that Massachusetts Sen. Ed Markey (D) and Connecticut Sen. Richard Blumenthal (D) are introducing new legislation Tuesday to raise cybersecurity standards of cars sold in the United States.

Sen. Markey surveyed 16 car companies in February about how they handle digital security, and found that adequate security was the exception, not the rule. The bill, a spokesperson told Wired, would have the National Highway Traffic Safety Administration and the Federal Trade Commission set explicit standards regarding security and privacy, and require car manufacturers to display stickers on the windows of new cars indicating the vehicle’s privacy and security ranking.

"Drivers shouldn’t have to choose between being connected and being protected," Markey said in a statement. "Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. We need clear rules of the road that protect cars from hackers and American families from data trackers."

Valasek and Miller’s attack on the Jeep Cherokee echoes a 2011 study by the University of Washington’s Yoshi Kohno and UC San Diego’s Stefan Savage, in which they completed a wireless, remote takeover of a car, becoming the first to do so.

As a measure of consolation, Valasek told LiveScience last year that car hacking is prohibitively complicated and costly for most criminals – for now.

"Generally speaking, car hacking isn't mainstream. It's very difficult and costs lots of money," Valasek said. "That could change in the future, which is why we're working on the problem now."

Follow CSMonitor's board Tech & Innovation on Pinterest.
You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Can automakers build hacker-proof cars?
Read this article in
https://www.csmonitor.com/Technology/2015/0722/Can-automakers-build-hacker-proof-cars
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe