Skip to main content

Smart cars are hackable cars. Are the features worth the risk?

Jeep interior
Image used with permission by copyright holder
The automotive world is one of give and take. If you want hardcore performance, you sacrifice comfort; if you prioritize fuel economy and luxury, you probably won’t be king of the racetrack; and if you have a connected car, you may be vulnerable to hackers.

Cybersecurity concerns have swirled around the transportation sector for some time, but never with the same gravitas that coursed through the blogosphere last week. Chris Valasek — Director of Vehicle Security Research for the security consultancy IOActive — and Charlie Miller — a former NSA employee — were able to able to hijack a Jeep Cherokee’s Unconnect infotainment system via the car’s cellular network. Once they were in, the duo was able to send signals to the car’s computer system, manipulating the brakes, engine, and transmission with a couple laptops in a living room. All they needed was the vehicle’s IP address.

Recommended Videos

If you’re still driving your grandpa’s 1968 Oldsmobile, you probably weren’t too worried. If you own a more modern car though, one packed with wireless features and the ability to link with mobile devices, the news probably gave you some pause. And for good reason.

Charlie Miller (left) and Chris Valasek (right)
Charlie Miller (left) and Chris Valasek (right) Whitney Curtis/Wired

The modern car market demands increased functionality and inter-device communication from the factory, and there are unique security threats that come along with that. Any time a vehicle’s systems are connected to the Internet — directly or indirectly — there will be gaps in the digital armor. The fallout could be something as simple as an unresponsive radio or flashing headlights, but as we found out last week, cybercriminals can potentially access a car’s vital systems remotely, and we don’t need to explain how dangerous that is.

Any time a vehicle’s systems are connected to the Internet — directly or indirectly — there will be gaps in the digital armor.

We have yet to hear about a harmful unauthorized attack on a passenger vehicle, and clearly Valasek and Miller are not amateurs, but the vulnerabilities are clear. It’s not just Jeep vehicles either: nearly every major automaker offers an infotainment system that’s connected to the Web: Ford, Toyota, Honda, Volvo, Volkswagen, Subaru, Hyundai … you name it. Tesla’s newest vehicles can even download powertrain updates over the air, which directly affect the car’s acceleration. Is it only a matter of time before something horrible happens outside of a controlled experiment?

For answers, we turn to the carmakers themselves, and Fiat Chrysler’s initial response to the events was quite interesting. On July 22, the brand put out a press release, explaining that “some functions” had been remotely controlled, and that the automotive industry is a potential hacking target like any other. After the community began to flex its muscles, the company implemented a recall of 1.4 million vehicles, issuing USB sticks that contained a software patch to every owner alongside network-level security measures. Mailing out a truckload of thumb drives seems like an ironically insecure way to fix the problem, but a major automaker has admitted that modern cars are at risk from the attacks of cybercriminals. That’s big.

It’s impossible to say whether or not the company would have issued the recall if it weren’t for the original Wired story, but there is a clear cause and effect here — call the manufacturers out on their failings and they will address them. If we don’t? That’s a scary thought.

The U.S. government has responded as well. Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) have introduced a new bill called The Security and Privacy in Your Car Act (SPY Car Act). The legislation will direct the National Highway Traffic Safety Administration and the Federal Trade Commission to set industrywide benchmarks to protect driver safety and privacy, shining regulatory light on an issue that was largely contained within the automotive sector until now.

“Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data-trackers,” said Senator Blumenthal. “This common-sense legislation protects the public against cybercriminals who exploit exciting advances in technology like self-driving and wireless connected cars. Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes.”

It’s a start, but in the meantime, there will be hiccups. Personal safety and priceless information are all at stake here, but despite our best efforts, federal agencies, credit card machines, dating websites, and celebrity Twitter accounts are hacked every single day. It’s a constant rat race to keep up, and unfortunately for us, it’s not always the guy with the suit and tie that gets there first.

As car buyers, we crave connectivity. We lust for convenience. But are we ready to live with the consequences?

Andrew Hard
Former Digital Trends Contributor
Andrew first started writing in middle school and hasn't put the pen down since. Whether it's technology, music, sports, or…
Tesla and Elon Musk sued over use of AI image at Cybercab event
tesla and spacex CEO elon musk stylized image

Tesla’s recent We, Robot presentation has run into trouble, with one of the production companies behind Blade Runner 2049 suing Tesla and its CEO, Elon Musk, for alleged copyright infringement.

Tesla used the glitzy October 10 event to unveil its Cybercab and Robovan, and also to showcase the latest version of its Optimus humanoid robot.

Read more
Qualcomm wants to power your next car with the Snapdragon Cockpit and Ride Elite platforms
Qualcomm Snapdragon Cockpit Elite and Ride Elite automotive platforms

It’s been a big year for Qualcomm. Alongside its massive launch into laptop chips through the Snapdragon X Elite series, Qualcomm is now entering the automotive space. The company has announced the new Qualcomm Snapdragon Cockpit Elite and Snapdragon Ride Elite platforms at its annual Snapdragon Summit, which it flew me out to attend.

The two platforms are designed for different purposes, and can be used togetheror separately. The Snapdragon Cockpit Elite is built for in-vehicle infotainment systems and services, while the Snapdragon Ride Elite is built to power autonomous vehicle systems, including all the cameras and sensors that go into those systems.

Read more
Scout Traveler and Scout Terra forge a new path for EVs
Scout Traveler and Scout Terra.

Electric vehicles are inseparable from newness, whether it’s new tech, new designs, or new companies like Rivian, Lucid, and Tesla. But the Volkswagen Group’s new EV-only brand also relies heavily on the past.

Unveiled Thursday, the Scout Traveler electric SUV and Scout Terra electric pickup truck are modern interpretations of the classic International Harvester Scout. Manufactured from 1961 to 1980, the original Scout helped popularize the idea of the rugged, off-road-capable utility vehicle, setting the stage for modern SUVs.

Read more