Since the late 1960s, cars have had computers in them, and with each passing decade, the computers get more powerful. In today’s cars, they monitor everything about the engine and make it run more efficiently.
The computers in modern cars also run the steering, traction control, airbags, cruise control, tire management, security, entertainment and more. That’s great for safety, comfort, convenience and efficiency, but there’s an unavoidable downside: Computers can be hacked.
Until recently, hacking a car’s onboard computer to cause chaos was either a theoretical security exercise or a scene in a Hollywood movie. Then in 2013, two hackers named Charlie Miller and Chris Valasek changed everything when they brought it into the real world.
While that first demo was scary, it still required hackers to physically connect a laptop to the car’s computers and be sitting in the back seat. That’s not the kind of hack that’s going to affect regular motorists unless they’re very unobservant. So, the world kept moving along as usual.
Everything changed when Miller and Valasek showed off a new way to hack a car from a distance. This time, it’s a very big deal.
The hack
In their newest demo, which starred a 2014 Jeep Cherokee and Wired’s Andy Greenberg as the willing “victim,” Miller and Valasek took control of the vehicle from more than 10 miles away. At first, they just played with its environmental and entertainment systems, and then, terrifyingly, its steering, transmission and brakes.
You can see in the video how freaked out Greenberg was, and he knew it was going to happen.
The reason Miller and Valasek weren’t able to do this in 2013 is that many cars did not include cellular connections at that time. Cellular lets the entertainment system download updates, get navigation information, provide in-car Internet, and more.
In the case of the Jeep Cherokee’s Uconnect entertainment system, however, the cellular also let the hackers connect and take control. And, somehow, the entertainment computer connects to the computers that run the really important things.
The fallout
The immediate fallout from the experiment was a massive vehicle “recall” from Fiat-Chrysler, which is the parent company for Jeep. The same Uconnect system as the one in the Jeep Cherokee, with the same security flaw, is also in Chrysler, Fiat, Dodge, Ram and SRT vehicles.
At first, the problem was estimated to affect 470,000 vehicles, but Chrysler has decided to “recall” 1.4 million vehicles to be safe. “Recall” is in quotes because fixing the problem just requires a software update to Uconnect.
While owners can take their vehicles to the shop if they want, they can also get the update on a flash drive and install it on their vehicle themselves.
If you aren’t sure if your vehicle is included, you can go to http://www.driveuconnect.com/software-update/ and put in your vehicle’s VIN. You can also check with your nearest dealership.
On a good note, Miller and Valasek re-ran their experiment on a Uconnect system with the patch installed and reported that they could no longer take control. Also, thankfully, they’re the only ones with the software that can take advantage of the flaw, and that took them two years to make.
Of course, it’s unknown what security flaws are lurking in other car systems waiting for hackers to exploit. If you have a car with a cellular connection, and you rarely use it, see if you can turn it off. Otherwise, talk to your manufacturer about their security and what they’re doing to make sure a Fiat-Chrysler-type hack doesn’t happen to your car.
If you’re buying a new car, consider one with Android Auto or Apple’s CarPlay. These use your smartphone to power the entertainment system, which means you’ll get the advantage of your smartphone’s built-in security.
The future
While this hack didn’t turn into a disaster, it does paint a scary future. Cars are only going to get more computerized and more connected.
As an example, for years automotive engineers have been talking about having cars in the same area communicate with each other. The idea is that if the cars know what’s around them it improves safety and make traffic more efficient.
If you think a virus on a computer network is bad, imagine a virus on a network of multi-ton cars traveling at high speeds. The term “computer crash” could become sadly literal.
Then there’s the almost certain arrival of self-driving cars. Google, Audi and plenty of other companies are working like crazy to make it happen. The usual argument is that self-driving cars are going to be safer because they remove human error.
In fact, Google’s self-driving cars have been on the road for a few years now, and so far every accident they’ve been in was the result of the human in another car. It’s a good argument for taking humans out of the equation.
Of course, what happens when your self-driving car, or thousands of self-driving cars, get hacked? You’re looking at a disaster in the making. Even if the hacker just tweaks the software to change the safety margins by a few feet, it could lead to mass chaos.
This is a good time for the car industry to take a hard look at how critical car computers are protected. It should also take a page from the computer industry and how computer users deal, or don’t deal, with threats. Learn the steps you should take now to virus-proof your computer.
What springs to mind is the millions of people who never update their computer software and leave their system open to viruses. Imagine a car manufacturer pushing out a critical security update and a large percentage of drivers never install it. In fact, it will be interesting to see how many of the 1.4 million Fiat-Chrysler vehicles that were recalled actually get updated.
On the other hand, electric car company Tesla could be showing the way. It already updates its cars’ software using an automated, over-the-air system. Several problems and performance improvements have been pushed out this way.
We could be approaching a day when you don’t just buy a car based on its safety rating, but its security rating. Hopefully, thanks to security flaws today, the cars of the future score a 5 out of 5.
Are you looking forward to the cars of the future, or are you ready to go out and buy a classic 1960s Mustang? OK, that specific example is a no-brainer, but you know what we mean. Let me know your thoughts on the future of cars in the comments.
