I wrote about the issue of car hacking about 6 months ago. Since then, the predictable has happened. The threat has been shown to be even worse through a new proof of concept hack that allowed a 2014 Jeep Cherokee to be remotely, wirelessly controlled from 10 miles away. In this controlled demonstration, the driver knew he was going to be hacked but still experienced a combination of weird and frightening scenarios including:
- radio turning on spontaneously blaring music and can’t be turned down or off
- windshield wipers (complete with washer fluid spray) operating on their own
- engine slowing to a crawl
- losing control of the steering wheel
- horn honking on its own
Crazy stuff, huh?
Before you dismiss this threat because you don’t drive that model of vehicle, bear in mind that the guys behind this hack believe that there are many more models as well. One estimate has the number at more than 470,000 vehicles vulnerable to this particular exploit alone.
Why these internal systems would ever be accessible remotely is the question that automakers need to answer. At a minimum there should be an “air gap” separating these systems:
- vehicle control system
- entertainment system
- monitoring system
Only the latter should be remotely accessible and even that one is debatable.
The bottom line here is that we are in the early days of Internet of Things (IoT) and vehicle/computer integration. Unfortunately, the focus seems to be on building the functionality and taking care of security as an afterthought. Things are likely to get worse before they get better so buckle up and be prepared for a rough ride…