Will Feared Hacks Prevent Connected-Car Production?
by Megan Ray Nichols
From Tesla to Google to Jeep, it seems like everyone is working on autonomous cars and vehicles that are connected to the internet at all times. While the idea of autonomous cars is good in theory, in practice it has created the need for additional vehicle-related cybersecurity practices to prevent hackers from taking control of a connected car or its systems. What does this need for additional security mean for car production?
Cybersecurity in Daily Life
With everything from your smart fridge to your kid’s Barbie doll connected to the internet, increased attention to cybersecurity is becoming part of our daily lives. Recent DDoS attacks on DNS servers, like those handled by server company Dyn, were largely staged by utilizing unsecured Internet of Things devices like DVRs and smart fridges. These devices were not password protected, enabling hackers to use their IP addresses to bombard the DNS servers with false requests.
Connected vehicles are similarly at risk. Hackers in 2015 identified a weakness in the onboard Wi-Fi of one of Jeep’s newer models that allowed them to take over the vehicle from a distance. A Wired writer drove the Jeep as part of the demonstration. From their laptop, far outside the vehicle itself, hackers Charlie Miller and Chris Valasek were able to turn on the windshield wipers, control the radio and even take over the accelerator and transmission, finally slowing the Jeep to a stop.
Production, Sales and Implementation
In spite of the risks, the fervor for autonomous and connected cars hasn’t cooled. Tesla saw big sales gains in 2016, and more car manufacturers are adding wi-fi and other features to their models, bolstering the internet of things by creating cars that generate their own internet and can be tracked anywhere in the country.
Most people aren’t concerned about car hacking, with some even calling it a hypothetical threat in spite of all the evidence to the contrary. Hacking someone’s car isn’t the same as breaking a window or picking a lock. It requires a high level of technical expertise the average car thief may not have in the present moment. This might change in the future, but for now the number of individuals who can hack a car and would do so for nefarious purposes is fairly low.
Precautions to Avoid Being Hacked
Though hacks aren’t a common concern right now, there are still steps you can take to protect your car from hackers:
• Keep up with your updates. Just like your computer, car manufacturers release software updates to keep your car running smoothly and protect against any potential threat.
• Don’t modify your car’s software. Aftermarket software modifications might improve the performance of certain aspects of your car, but they could also leave your vehicle vulnerable to attack. Aftermarket modifications might also void your car’s warranty or leave you unable to install any manufacturer-issued software updates.
• Be careful of 3rd-party hardware. Anything you plug into your car could be a source for a potential breach. Just be careful of what you plug in.
Who’s Legally Responsible for Hacked Cars in an Accident?
One of the biggest questions is one that hasn’t really been addressed yet — who is responsible if an autonomous or networked car is hacked, if it results in an accident?
Your first thought might be that the hackers should be held legally responsible. While you would be correct, it’s hard or even impossible to find hackers once they’ve disconnected.
Another possible point of blame could be the car manufacturer, if it was aware there was a security vulnerability that allowed hackers to take control of its cars. This would only be the case if it was aware of the breach but didn’t take any action to prevent the hacks from taking place.
Right now, while a skilled lawyer could probably navigate the ins and outs of such a case, there is no specific legislation or law on the books that explains how to handle it. This could change in the future, as more and more cars join the internet of things, but as of right now there is no need for such a law because these cases are so few and far between.
Autonomous and networked cars could be a great tool to keep drivers safe on the road, but only if they can be kept secure and protected from hackers. This potential need for increased cybersecurity hasn’t discouraged people from buying connected cars, so all we can do is hope that car manufacturers step up their security game to protect drivers in the future.