Since the news came out that a Jeep’s infotainment system had been hacked by researchers, the automotive world has been very interested to find out more details about what the hack actually allowed the team to do. Now we are finally hearing some details.
The Story So Far
After a research team of hackers managed to gain control of a Jeep Cherokee the idea and concerns about what hackers could actually do to cars have grown. The US Government are actually trying to pass some legislation to hold car manufacturers to account over their cars’ potential vulnerability to this kind of attack. The aim is to make sure that cyber security for cars becomes something that is addressed properly rather than being ignored in favor of just getting the technology out there for people to buy.
What They Actually Did
The question of what the hackers actually managed to control in the Jeep was not answered for sometime but now the details have surfaced and they are rather scary. The hack itself was done from around 10 miles away and the Jeep was moving on a public road, this means the hack was done in a very “real world” situation. The hackers used what they called a flaw in the infotainment system to gain access to the cars computer. When they had access they were able to do a number of things like changing the climate control settings and the music and audio settings. These things are worrying but not likely to be fatal, the really scary news is that they were able to deactivate the throttle while the car was moving at high speed and at lower speeds actually able to apply or deactivate the brakes and turn the engine off. The consequences of this kind of control over public vehicles are potentially catastrophic and really don’t bare thinking about.
The Next Steps
This only happened in the US to cars in the US, no UK cars were found to be vulnerable and the cars in the US that were have been recalled. So the immediate danger has been addressed, however it is the longer term potential of the research that causes more concern. The US Government, as part of producing a new security bill, asked 20 car makers what procedures they had in place to protect the cars and drivers. 16 responded and only 7 said they had actually worked with outside agencies that were specialists in cyber security. This suggests that unless they employed a crack team internally they had not addressed the problem at all.
It does seem the governments in the UK and US are taking this very seriously and with the rise of the driverless cars that is no surprise. Part of the legislation regarding these autonomous vehicles in the UK actually addresses the security issue and it will not let the cars into the testing phase unless security is well covered. This concern must be rolled out to all cars that have any kind of connected technology to avoid any issues in the future, be prepared to see a lot more news about this subject, it is likely to run and run.