After researchers hack a Jeep Cherokee as it’s on public roads, highlighting vulnerabilities in the car, Chrysler pulls 1.4 million in to update them and protect drivers.
Sourced through Scoop.it from: www.forbes.com
Is this a case of being hoisted by their own petard? Are car manufacturers in such a hurry to meet our demands for computerization and connected cars, that they haven’t figured out all of the risks, especially when they have dozens of OEM component suppliers?
When my ‘Check Engine’ light came on in my car on Thursday, I thought “that’s strange I’ve never run low on oil before.” I drove to the nearest gas station and I still hadn’t.
I rang Torbay Service Station who look after my car and they were closed until 8AM the following morning. so I was on their doorstep on the dot next day.
Whist they were very busy, booked solid in fact and had no loan cars left, Mike the owner kindly agreed to hook his diagnostics computer into my ODB2 port (interface to the car computers) but he found nothing and said most of the 8 pages of diagnostics for my car model require that the car is driving and he didn’t have time to do a road test. He released the emergency light from the alert status and said if it came on again,I should call him or bring it straight back.
Many years ago, a company I worked for became the distributor for a new Canadian car security system and my company car was the guinea pig. The features included remote start, which makes sense for Canadian winters. That meant, from my office window, looking out over the management car-park, if someone was leaning on my car, I could start it up and give them a fright. It was lot’s of fun.
It had security algorithms in the communications system because it was not uncommon in the USA for designer car thieves to wait for people to unlock their Ferrari’s and Lamborghini’s, recording the signal from their remote controls so that they could copy them wirelessly and then steal the car after replicating the signal. This is not much different to scams where people in restaurants copy all the information off your credit card magnetic stripe, while you aren’t looking, so as to create an exact copy they can resell to access your bank account.
So now we go to a world where there are ready buyers for your car’s location information. All benevolent of course. They might be DoT’s for traffic demand management, gas companies looking at where to build new petrol stations, insurance companies managing risk, in-car entertainment companies, satellite broadcast media, emergency services, car navigation, Google and many more.
Most of these companies want your data for ‘benevolent purposes’. To understand how you drive for insurance risk, to find you if your car breaks down or runs out of gas, to remotely unlock your door if you left your keys in the car, to monitor the status of your battery or when your brakes need service, or to point out to you that you are heading in a direction where the next gas station is 90 miles away and you only have a quarter of a tank left, or that you have been driving for 2 hours and there is a Starbucks up ahead, with free muffin with your name on it.
The weak link is that so many different networks want access to your data, plus you want remote access, key-less ignition, remote start, real time traffic information (which is crowd sourced, meaning they get your data as well as you getting information from them).
You want a connected autonomous car in the future, which is going to rely on communication with other cars, with your breakdown service and the DoT, for traffic signals and highway information.
To achieve all that (and it is all achievable now and more) means that not one but several computers in your car are going to be communicating with other computers and devices all the time. Viruses, Trojans, keyboard loggers and other security breaches on personal computers happen thousands of times a day around the world, whether you are just a law abiding citizen at home, or a high level executive in a corporate, or in a Government department. Why would you think that connected cars would be any different and what a great was to cause chaos, whether for mischievous reasons, terrorism or crime?
The more features you demand from car manufacturers, the greater the risk.Hacking into car security systems is old school and because they are systems designed for one purpose only, to prevent access and disable the vehicle, security is relatively easy.
When it comes to the warehouse of computers racked in a modern car, the problem becomes compound and complex.
This recall is a great thing, if inconvenient. Imagine if hackers were able to disable the brakes in thousands of vehicles in one city. If you’ve ever driven a vehicle where the brakes failed, like I did in a motor-home full of people after a ski-trip where the brake-hose froze and broke, that T intersection comes up mighty fast. Now multiply that by hundreds or thousands of vehicles.
Kudos from me to Fiat Chrysler for taking this step.
I would be asking the question if buying a new car, as to how secure it is from hackers and looking for an intelligent answer fro the sales person. When they tell you there is absolutely no risk, try asking for a written guarantee of that. They won’t be able to give it to you.
We all want the cool new features, but you have antivirus on your computer because there is risk. The thing is that you don’t sit inside your computer and race up the freeway. Well actually if you have a late model car, you already do. What if your car is autonomous and you aren’t sitting behind a steering wheel or brake pedal.
Has your computer ever crashed?