By now many folks have heard of smart cars. No, not the tiny little 2-doors that you can fit in the trunk of a Cadillac Escalade. I mean “smart” as in connected to the Internet and containing more computers than NASA a la the 1980s. Smart cars today come in all shapes and sizes and hold great promise not just for on-the-go commuters who want to stay connected in transit, but also for those of us who desperately want to reduce (and one day eliminate) the number of folks killed and injured on our highways and neighborhood streets.
Take for example the Jeep Cherokee.
The latest model includes computers galore that allow drivers and their passengers to “ask for directions to a certain address or make a call without taking your hands off the wheel or eyes off the road.” (Source: Jeep.com). You can even use the “available Uconnect® Web+ by Mopar®” to turn your car into a mobile hotspot with WiFi connectivity. The same car also has, “over 70 available Safety and Security features including: Parallel and Perpendicular Park Assist+, ParkSense® Front/Rear Park Assist+, Blind Spot Monitoring+ (BSM) and Cross Path Detection+ with dual radar sensors to monitor driver blind spots…” In short, the Jeep Cherokee is smart – it promises to keep you connected, safe and secure on your journey.
Of course, with every step forward with technology, sometimes it seems we have to take 1 or 2 steps back, which is exactly what ethical hackers Charlie Miller and Chris Valasek demonstrated last week when they wirelessly hacked into a Jeep Cherokee that was traveling down the highway at 70 mph, gaining control of its a/c, radio, windshield wipers and – wait for it – transmission. (Source: Wired Magazine, “Hackers Remotely Kill a Jeep on the Highway—With Me in It,” by Andy Greenberg, July 21, 2015).
The hack was part of an experiment designed to demonstrate to automakers, the public and the journalist driver inside the vehicle just how vulnerable today’s smart cars are to cyberattacks, as well as the potential dire consequences of failing to properly secure connected vehicles traveling down the road. Within days of the article detailing the hack demonstration, Chrysler issued a recall of 1.4 million vehicles “in order fix a software hole that allowed [the] hackers to wirelessly break into some vehicles and electronically control vital functions.” (Source: Computerworld, “Chrysler recalls 1.4M vehicles after Jeep hack,” by Lucas Mearian, July 24, 2015). According to NHTSA, this is the first recall of vehicles because of concerns about cybersecurity. (Source: Reuters, “Fiat Chrysler U.S. to recall vehicles to prevent hacking,” by Bernie Woodall and Joseph Menn, July 24, 2015.)
The federal government has taken notice of these issues. “Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) filed legislation [ ] that would require the federal government to establish standards to ensure that automakers secure a driver against vehicle cyber attacks.” (Source: Computerworld). And while it’s unclear if the auto industry will welcome such government action, the industry almost certainly will not welcome the attention of trial lawyers, one of whom has already filed a class action lawsuit against General Motors, Ford and Toyota, claiming that, “the automakers know their vehicles are vulnerable to remote hacking, but [have failed] to alert consumers about the ‘dangerous defects.'” Source: NetworkWorld, “Ford, GM and Toyota sued for ‘dangerous defects’ in hackable cars,” by Ms. Smith, March 11, 2015).
So as we sit here today, in the summer of 2015, we should be excited but concerned about the connected car future. Will we soon have access to cars that can slow us down, help us stop and altogether avoid life-ending collisions? I hope and believe that we will, sooner rather than later, and for that I am grateful. But at the same time, we also have to hope (and insist) that car makers don’t follow what one of my information security colleagues described to me as, “a rush to market [that] always sacrifices security mainly because it takes much longer to make something secure than it does just to make it.” With millions of cars on the roads and millions of people in and around those cars every day, this is surely one instance in which safety and security really are going to have to be top of mind as companies innovate and push us forward with the smart cars of tomorrow.