As many customers of Home Depot, Target, JP Morgan Chase, and countless other companies know all too well, being on the business end of a cyber-attack is a major headache. While a typical cyber security breach is a nightmare for both companies and customers, they seldom have the potential to risk life and limb. When it is a car that is hacked, one’s life steering into the ditch is no longer a figurative matter.
Earlier this month two security researchers hacked into the Uconnect dashboard computer of a Jeep being driven by a reporter for Wired. The hack managed to take control of the Jeep’s dashboard functions, transmission, steering, and brakes. The result put the Jeep and the reporter in the ditch — literally.
The hacker/researchers promptly alerted Fiat Chrysler Automobiles (FCA) of the vulnerability, and the company recalled 1.4 million vehicles. Affected customers won’t have to bring their vehicles into dealerships. Instead, FCA will mail customers USB sticks that patch vehicle software and improve security once plugged into the vehicle’s dash.
Chrysler is also beefing up security on the network level by adding tools that detect and block such attacks on the Sprint network, which is the provider that connects Chrysler vehicles to the Internet. One of the researchers who originally exposed the Chrysler vulnerability retested the hack and found the Sprint network is now blocking the attack.
While the danger for FCA seems to have passed (the company says it’s not aware of any of its vehicles being hacked outside the researchers’ demonstration), the fact that hackers were able to exploit software vulnerabilities and effectively take over a vehicle’s operation is likely to raise concerns throughout the industry as the number of connected cars continues to rise.
Fully autonomous vehicles are still several years off, at least in terms of commercial viability. But getting to that point is a matter of degrees, and several of those degrees are original equipment on vehicles that are available right now. Some, mostly high-end, vehicles have self-braking and highly automated cruise-control systems. As cars take over more of the work of actually driving, the stakes of protecting against hacks go up.
While cars become increasingly connected, the issue of additional hacks is more a matter of when than if, according to Rainer Scholz, executive director of EY, a telematics and mobility consulting firm. As Scholz told Automotive News…
“The difficulty for the carmakers at the moment is the question whether they can keep pace with advances in technology, and especially hacking technology,” Scholz said. “We seriously doubt they can.”
Not surprisingly, the Jeep hack has attracted the attention of federal regulators and even members of the US Senate. Last week the National Highway Traffic Safety Administration (NHTSA) said it was launching an investigation into the FCA recall to ensure all affected vehicles were included and to determine if any further security risks exist. Earlier this month US Senators Edward Markey and Richard Blumenthal urged NHTSA to move swiftly in order to assuage the concerns of US motorists.
Industry Impact: Global carmakers are likely to devote more resources to ensure their vehicles’ connectivity capabilities are protected from potential security threats. However, the high profile of the FCA breach may also result in increased government and regulatory oversight of vehicle connectivity systems and safety.
James Bryant is an industry editor for Dun & Bradstreet. Based in Austin, Texas, he writes about issues affecting the global manufacturing sector. He’s been the company’s specialist on the auto industry for 15 years.
Photo courtesy of Fiat Chrysler Automobiles