Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Autos

Car hacking: a potential threat

You likely caught a report last month about some computer whizzes hacking an automobile computer.  As detailed in Wired magazine and endlessly reported elsewhere, cybersecurity researchers Charlie Miller and Chris Valasek controlled a Jeep Cherokee’s onboard computer from their laptop.

The skilled hackers spent years developing the necessary software for the hack.  That fact, coupled with the reality that there is no real potential of monetary gain from a hack, infers that random attacks upon unsuspecting motorists are unlikely.

Still, a mischievous individual with the required equipment and skills could duplicate the hackers’ experiment.  While the researchers chose a Jeep, any make or model of a connected car (one with Internet access) could be targeted.  In this case, Miller and Valasek gained access to the Jeep’s central computer through a loophole in the SUV’s Internet-connected radio head unit.

The manufacturer and their cell service provider, Fiat Chrysler Automobiles and Sprint, have since addressed those exploited loopholes.  But before they did, the hackers were able to alter the radio volume, change climate controls, activate wipers, and even disable the transmission while “hidden” several miles away.

The sudden vehicle “antics” were not totally unexpected, since the researchers’ “test dummy” was a writer for Wired magazine who drove the Jeep while the experiment unfolded.  The subject knew there would be an attack, but was unaware of what it would be or when it would happen.  He was amused by the radio, A/C and wipers, but was more alarmed when the transmission was disengaged.

This test was restricted to harmless hacking, but the researchers could easily have toyed with more crucial systems like steering, brakes and engine management.  While Jeep’s loophole has been closed via a recall campaign, it’s obvious that any connected car can be vulnerable to a skilled and determined hacker.  In this test, Miller and Valasek even added a touch of creepiness by displaying their facial images on the Jeep’s digital screen.

Last year, the same hackers took over the controls of a Toyota Prius, but then their laptop was connected by wire — this new attack is the first known wireless effort.

As a result of this and other similar hacks, automakers are planning a new line of defense to be in place by the end of this year.  The Alliance of Automobile manufacturers and the Association of Global Automakers are establishing an Information Sharing and Analysis Center to act as a clearinghouse for intelligence about cyberthreats to vehicles.

Such a central hub would allow sharing of information to help safeguard against and respond to threats.  In fact, while the ISAC will be new to the auto industry, they are “old hat” to other industries, having been effective in dealing with hack threats at financial institutions, health care and retail giants.  A well organized ISAC can help thwart certain attacks and develop effective countermeasures to others.  The auto industry’s ISAC is expected to have a dedicated professional staff of analysts to diagnose and respond to threats if they happen, with a goal of becoming smart enough to end them.

When asked about the seriousness of the threat, Denise Anderson, chair of the National Council of ISACs, responded, “Is it dire right now?  I wouldn’t say so, but now is the time to form the ISAC.  You don’t want to be caught unprepared.”

It looks like the automobile industry is endeavoring to avoid unpreparedness.

Readers may contact Bill Love via email at precisiondriving@spokesman.com.