The risks of the Internet of Things:

car hacking

Read time: 6 minutes

News & Blog Blog The risks of the Internet of Things: car hacking

The risks of the Internet of Things: car hacking

Gwenny Nales

Gwenny Nales

Corporate Communications Manager at Van Ameyde

Read time: 6 minutes
Imagine driving at 70mph (over 100 kmh) and your car controls, steering, accelerator or brakes fail… In July wired.com reported on the experiment of hijacking the control of a car by hacking it. Suffice to say that the driver was a volunteer ‘digital crash test dummy’, as the article’s author describes himself, and aware of what was happening, but it didn’t make the experiment any less frightening.
The Internet of Things may seem a blessing, but according to The Economist, computer scientists call it a disaster in the making. With computer technology being embedded in anything ranging from refrigerators to cars and even medical devices such as pacemakers, manufacturers can no longer afford to treat security as an afterthought.

According to The Economist, three things would help make the internet of things less vulnerable. Manufacturers should be compelled to ensure that their products can be patched to fix security issues. A proper liability regime is the second defence: the use of responsibility disclaimers for bad consequences of using products becomes untenable. And finally, rather than shooting the messenger, companies should embrace a culture of openness, in which researchers are rewarded for bug warnings.

The case: car hacking
The experiment reported on wired.com started innocently enough: the hackers/researchers turned on the vents at maximum setting, then the radio at full volume and subsequently the windscreen wipers. They continued toying with the digital display of the car. From a laptop at a 10-mile distance, the researchers hijacked the car, operating it remotely, leaving the driver powerless.

Wired.com reports that the research shows that hundreds of thousands of cars are vulnerable as a result of the use of Uconnect. Uconnect is an Internet connected feature enabling phone calls and controlling the car’s entertainment and navigation. Using Uconnect as an entry, the hackers then rewrite the car’s firmware *) remotely (no physical access is needed) and plant their code, giving them the ability to control the car.

Suffice to say that these hackers/researchers are the ‘good guys’, Charlie Miller being a former Twitter security researcher and NSA employee and Chris Valasek the director vehicle security research at IOActive, a consultancy firm. Although the industry does not approve of their methods, these researchers are showing the industry the weaknesses of car systems and enable the industry to take measures before less well-intended hackers get their hands on the technology. Whereas their earlier tests revealed weaknesses using a PC wired into the car dashboards, this test was entirely wireless.

Inspiring legislation
Their research is now inspiring legislation on new digital security standards for cars. In addition, Miller and Valasek have been sharing their findings with the manufacturer of the cars tested. As a result of this research, the manufacturer in question has created a patch and has issued a recall for 1.4 million (!) cars.

Security and liability
Security and liability are major issues for developers of driverless cars. Regulators are particularly worried about hacked driverless cars becoming mules for criminal activities. And then there’s the question of liability: if responsibility shifts from the driver to the manufacturer, the impact on the motor liability insurance industry will be huge.

 

*) Firmware is a piece of software programmed on a hardware device, stored in the devices flash read-only memory (ROM). Without firmware the hardware does not function and communicate with other devices.
Data breach and hacking: what you can do

Share This