Can Hackers Remote Control Your Car? Probably.
The computer systems designed to protect drivers may keep car jackers out, but they let car jackers in.
For luxury car owners, the systems that protect against thieves—verifying fingerprints, for instance, and automatic vehicle shutdown—are a godsend. But it’s increasingly apparent that they’re also a Trojan horse, opening the door to the growing number of car hackers. According to researchers at this week’s Black Hat hacker conference in Las Vegas, an event that causes an annual panic in at least one industry, modern features like adaptive cruise control and autonomous braking allow practitioners of the digital dark arts to take remote control of sedans and SUVs.
It’s not just the security features that hackers are breaching. Something called “frontal pedestrian impact mitigation braking,” which kicks in when detectors sense an impending impact, and lane keeping assist, which corrects steering in a car drifting across a highway are provably vulnerable to hackers.
Britain has already legalized self-driving cars and Google’s extreme automatics are cruising around Silicon Valley. The idea of a computer driving Miss Daisy seems more inevitable than worrisome. The problem arises when old-school hardware mixes with fresh code: the ones and zeroes rarely mesh perfectly with aluminum alloy. The problem, in essence, is that hydraulics are dumb and can’t discern one scenario from another. If a computer has permission to operate them in a specific scenario – while parking, for instance – all hackers have to do is simulate that scenario and that pedal is suddenly under their control. Unnervingly, the same goes for the gas intake and the steering column.
Charlie Miller and Christopher Valasek, the digital security specialists who will spend this coming Wednesday explaining how they managed to seize control of a Prius and an Explorer using a laptop and DARPA grant money, are about to give consumers a reason to panic. Manufacturers? Not so much. The industry has been warned: Back in December, Representative Ed Markey, a Massachusetts Democrats with a cultivated distaste for the NHTSA, sent a letter to over a dozen domestic and foreign manufacturers asking about digital security. He was particularly focused on wireless vulnerabilities (because a hacker outside the car is probably less concerned about its safety) and about the testing of third-party technologies.
If he’s gotten a response, Rep. Markey hasn’t made it public.
What Miller and Valasek’s work proves is that the line between safety feature and security system isn’t even dotted any more. Safety features designed to help the driver become a hazard when they present a major security issue. Though there is an easy way to solve this problem (rip out the wires), no one wants to see effective technologies scrapped because of hypothetical wrongdoers.
Instead, the NHTSA should ask manufacturers to answer the questions Markey is asking on every new car’s specification sheet. That’s only fair to consumers who don’t want to get taken for a ride. After that, the agency probably just needs to hire itself a hacker. Hopefully they can find someone at the Black Hat conference. It’s a good place to network.
Photos by Getty Images