Attention Tesla Hackers:
Imagine driving down the road in your awesome new car. You’ve got a whole dash full of helpful features; traction control, automatic lights, GPS, the list is endless. Suddenly, your car veers in the opposite direction than you’re steering, heading towards the side of the road. Frantically, you try to correct it just as your car skids to a stop without you ever getting the chance to brake. Oddly enough, none of your sensors are sounding a warning. Something similar to this recently happened.
There has been much buzz about a recent Chrysler Jeep hack, as reported by Wired. Two professional hackers devoted 1 year to hacking into a Jeep via remote, resulting in a 1.4 million vehicle recall. The hackers were able to hack into the vehicle’s UConnect dashboard computer and take control of a range of functions. The driver was unable to override their hack and soon found himself on the side of the road. The hackers took over dashboard functions and steering, as well as brakes.
As evidenced by this hack, cars and drivers are vulnerable. Sophisticated computer systems, connected to remote networks, are still in the formative years and lack the security needed to insure driver safety. What efforts are being made to thwart attacks?
Thankfully, Chrysler was able to make some quick changes. The recall could be done by downloading the software fix from Chrysler’s website onto a USB drive and uploading it to the dash computer. Also, Chrysler was able to work with the network carrier to block attempts at corrupting the software and the hackers later verified that they had been successfully blocked.
There are some enthusiastic Tesla car hackers as well, as promoted at the recent hacker convention Defcon. Thankfully, the steps Tesla had already taken required the hackers to acquire physical access of a Model S before the system could be controlled remotely. However, once they plugged into the USB port, they were able to control the vehicle from afar. Tesla thanked the hackers for pointing out their vulnerability and responded by increasing the public hacking bounty to a maximum of $10,000.
A manufacturer in the early stages of their business is not as easily embarrassed by a vulnerability as an established company like Chrysler. Tesla has been able to use this advantage to be proactive and generate help, rather than criticism. They have also used the situation to scout out new talent! They are looking to add more highly qualified security researchers to their team and have been spreading the word via hacker conventions and the like.
Car makers are not the only ones taking note of the danger. Two senators have recently introduced a bill to set minimum cybersecurity standards for automobiles. The bill would require car makers to design with security principals in mind. For example, car manufacturers would be required to install features that detect and block attacks. They would also design in such a way as to separate certain physical components from internet connections, preventing vulnerability to remote attacks. Clearly efforts are being made to insure the safety of consumers.
In times past, drivers’ safety considerations involved the manufacturer’s reputation. Now more than ever, reputation is paramount to the success of vehicle sales. The stakes, it would seem, are much higher.