It is easy to forget that there is more computing power in most cars than many computers — until those cars display the same vulnerabilities that computers do. In recent weeks, hackers in the United States have taken over a Tesla Model S, a Jeep Cherokee and a General Motors vehicle, all while each car was being driven. The levels of control varied from vehicle to vehicle, but the danger was real in each case. Auto manufacturers and consumers alike need to take this threat seriously.
Last month, cybersecurity researchers took control of a Jeep Cherokee while it was being driven, using its vehicle-connectivity system to first manipulate the radio and windshield wipers, and then cut off the transmission and disconnect the brakes. Two other researchers took control of the Tesla’s onboard computer, controlling the entertainment system, the windows door locks and the trunk at low speeds; at higher speeds the engine shut off while the driver could steer and brake the car. In the case of the Jeep, the hack was done from a remote laptop; the Tesla hack was originally done via access to the car’s Ethernet connection but remotely afterward.
The Jeep incident prompted Chrysler to recall 1.4 million vehicles for a fix. (The recall actually includes the mailing of USB flash drives containing the patch.) Tesla has developed an over-the-air software update that can be downloaded by the owner via Wi-Fi or cellular connection.
There are several obvious lessons. First, automakers need to isolate onboard entertainment systems from vehicle networks. The former are easier to hack and offer inviting targets. Second, manufacturers should have the ability to patch software vulnerabilities over the air, as is the case with most computer software, rather than through hardware.
The most important lesson, however, is that automakers and consumers need to recognize the increasing vulnerability of their cars to hacks. New vehicles are computers on wheels. The expanding array of online services and features that come with every new car creates an equally expansive number of access points for outsiders to do mischief or worse. Seat belts, while necessary, are not sufficient.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.