Would you want to drive a vehicle where hackers can use a remote interface to the entertainment system to change your radio station, or switch off the air conditioning, or disable the brakes, or take control of the steering, or stop the engine when you are driving at 70 mph? In this incredible video, two hackers prove they can do all that to a Jeep Cherokee.
The hackers are Charlie Miller and Chris Valasek, and they want money and resources so they can see if they can find similar weaknesses in the interfaces of other cars. They deserve support and encouragement. Meanwhile, car manufacturers need to raise their game, and put as much investment into researching and preventing hacking as they put into crash simulation and anti-theft devices. If not, the consequences could be devastating.
Thankfully, car manufacturer Fiat Chrysler has now recalled 1.4 million cars in order to update the uConnect system that was hacked by Miller and Valasek. Nevertheless, Miller made an excellent point when issuing this tweet soon after.
I wonder what is cheaper, designing secure cars or doing recalls?
— Charlie Miller (@0xcharlie) July 24, 2015
Fiat Chrysler tried to hide behind the skirts of the law whilst explaining the need for a recall, saying that hacking cars is a ‘criminal action’. That may be so, but I want any car I drive to be unhackable. I do not want to drive a car where the deterrent to any hacker who wants to kill me is that they risk punishment for hacking in addition to the punishment for my murder. Furthermore, I want guys like Miller and Valasek to be encouraged to find security and safety weaknesses that big businesses have failed to address. They should be rewarded for their efforts, not treated like criminals.
We should all treat this as a wake-up call. Our industry is far too relaxed about security surrounding the Internet of Things. Customers may enjoy having a stereo music system which can connect to the internet, but nobody would risk their life for it. Software development models usually involve a ‘reasonable’ amount of testing that leaves some bugs and flaws to be captured only after the product has been sold to a mass market. When applied to the Internet of Things, that approach is inadequate, and the consequences of failure may be far greater than corrupted data or compromised privacy.
You can learn more about Miller and Valasek, and how they hacked the Jeep Cherokee, from this article at Wired.