Carmakers have duty to protect drivers from security threats, says specialist
Chris Valasek and Charlie Miller recently remotely hacked into a 2014 Jeep Cherokee, proving that they could disable the SUV’s engine functions and take control of features such as air conditioning, locks and the radio remotely.
The flaw was exposed in an article published by Wired magazine, which says a patch has now been issued.
In response, Mark James of ESET commented on the issues:
Would Uconnect be the only car system that could be hacked?
“Definitely not, many different car manufacturers are now developing and using in car electronics for not only entertainment but real time information and management of the automotive systems. The ability to help the driver save fuel by showing them a better way to drive or the ability to have a real time health report or alert when things may be going wrong could all make the driving experience better but being connected to the internet has its downsides. We now have an operating system in the car that’s capable of being compromised and in some cases even taking complete control of the vehicle’s operation.”
How does the exploit work?
“A zero day exploit is or has been downloaded or installed onto the internal operating system of the vehicles, it will then enable someone over the internet to gain complete control of their systems. These new systems have the ability to report their location back using GPS Navigation, voice commands and direct control over certain areas of the vehicles operation including acceleration, braking and many auxiliary systems. Once the exploit has taken hold in theory anyone anywhere could tamper with those controls and do what they wish.”
Could other cars be hacked in a similar fashion?
“In theory yes, car manufacturers are starting to take note and tighten up their systems but often these upgrades can only be done physically from inside the car using USB or direct connection and some people will just not be aware they are available or how to get them. Any car that has advanced electronics with internet connectivity “could be” at risk, the more advanced it is the higher the risk.”
What should people do to prevent their cars from being hacked in this fashion? If at all!
“Always ensure you are fully aware of any updates that need doing from your car manufacturer. If any do become available get them patched right now, not at the weekend or when you next service your vehicle. Treat every patch with the utmost urgency even if they don’t state it fixes any security vulnerabilities, some may not want to broadcast there was a problem in the first place.”
What other things should be done to prevent such an incident happening in the real world?
“The car manufacturers need to understand the importance of segregating controls that can be accessed from the different systems. Car security is no different than IT security, all car manufacturers have an obligation to protect the driver and passengers no matter how small the chance of attack could be.”