Get ready for a world of hackable cars – USA TODAY
SAN FRANCISCO – Americans love the Internet, they love cars and they really love Internet-connected cars. A survey by Kelley Blue Book found that 42% support making cars more connected — a figure that jumps to 60% for Millennials.
At the same time, 62% fear cars in the future will be easily hacked.
Not surprisingly, given the public’s somewhat cavalier attitude towards protecting their phones and computers from hackers, they’re unwilling to give up the convenience of a connected car to protect against a hypothetical hack.
For example, just 13% said they would never use an app if it increase the potential for their vehicle to be hacked.
Which is why figuring out how to hack cars is a growing area of specialization in some quarters.
“If you want all these features, security can’t be an afterthought,” said Charlie Miller, who together with Chris Valasek famously hacked a Jeep Cherokee last year.
The duo presented a workshop on Car Hacking 101 at the RSA computer security conference on Wednesday. It was one of several on the topic presented over the course of the week.
The good news for most Americans is that their cars are too old to be hacked, given that the average auto on the road today is 11-years-old.
“A car that’s 10 or more years old, there’s probably no way to hack it,” said Karl Brauer, a senior director with Kelley Blue Book. He spoke on a panel about vehicle vulnerabilities.
The bad news is that whenever a new car is sold, “that car is going to be a connected car,” said Akshay Anand, an analyst with Kelley Blue Book.
“So if you’ve got GPS or Bluetooth access or a WiFi hotspot in your car — which is coming — there’s a wide range of hacks for getting in,” Brauer said.
That doesn’t appear to bother Americans, for whom convenience seems to trump everything, even the risks associated with sitting in a hackable, 3,000 pound block of metal, plastic and glass moving at 65 miles per hour.
“More than 33% of people out there have already decided that if they don’t get the technology they want in one car, they’re going on to another,” Brauer said.
It’s especially true of younger people.
“Millennials don’t want to go anywhere without being connected, so auto manufacturers are appealing to that,” said Chan Lieu, a senior legislative advisor who focuses on the auto industry for the law firm Venable, in Washington D.C..
Thus far the whole question of what cars are hackable is pretty academic as it’s still too complex, too individualized and too cutting-edge to be an issue.
Which is why, though there are safety standards galore for cars governing crashes, there aren’t yet any for hackability. That’s in part because the systems that make cars accessible to Internet and wireless attack are still being created and change with each passing month, so there’s really nothing to test.
“It’s a dynamic environment. Whereas with a crash test, it’s physics,” said Lieu.
The take-home message for consumers is that worrying about having their car hacked isn’t much of an issue today, but it might be in five or ten years.
The convergence between connected cars and nefarious hackers (as opposed to research hackers) is coming, say Miller and Valasek, who now work at Uber’s Advanced Technologies Center in Pittsburgh, Penn.
“I wrote four lines of Python [a programming language] and owned 1.4 million cars,” Miller said of their Jeep exploit.
For that reason, they publish everything they do in great detail, to help others learn from it so the proper safeguards can be built in.
“It can’t just be five security guys solving the world’s problems. We need to get more people involved,” Valasek said.
Neither worry overly about their own cars getting hacked. Though Miller says he does caution friends to avoid the dongles popular with some auto insurance companies that allow them to monitor a car’s actions.
It’s one thing to trust Ford or Chevrolet. But with those, he said,”you’re not even trusting your insurance company, your’e trusting whoever they bought the dongle from.”