Sometime next month, if all goes well, California battery carmaker Tesla Motors plans to ask a select group of owners to begin testing its latest vehicle operating system. Dubbed version 7.0, it will include a beta version of Tesla’s new Pilot system which will offer the ability to drive on the highway hands-free.
As with previous updates for the Model S sedan, Tesla will upload the software wirelessly, rather than requiring owners to visit its showrooms. It’s an approach many other automakers are expected to adopt in the coming years. But it also raises some serious concerns among industry observers who question whether such an approach might make it easy for hackers to shift their focus from computers to cars.
The risk was highlighted this past week when a pair of professional hackers gained access to a 2014 Jeep Cherokee driven by a reporter working for Wired magazine. They turned on the Jeep’s windshield wipers, shut the engine down while it was being driven down the highway, took control of the steering wheel and then disabled its brakes, sending it into a ditch.
Fiat Chrysler last week recalled 1.4 million vehicles to update their software in a bid to lock out hackers. But few observers believe that will completely resolve the problem.
“Five years ago, the auto industry did not consider cyber-security as a near-term problem,” said Egil Juliussen, a senior analyst and research director with IHS Automotive. “For the auto industry, this is a very important event and shows that cyber-security protection is needed even sooner than previously planned.”
(FCA agrees to record $105 mil fine over mishandled recalls. Click Here for more.)
There are several reasons why cyber-security is becoming such a critical issue so quickly. For one thing, automakers are adding new technologies to their vehicles at a prodigious pace, everything from radar-controlled collision warning to advanced infotainment systems. They’re also opening up a number of new channels into the vehicle, noted Saar Dickman, CEO of TowerSec, an Israeli-based firm developing automotive security technology.
While Dickman wouldn’t discuss specific ways hackers might target a vehicle, other experts point to the new 4G LTE systems Chevrolet, Audi, Chrysler and other manufacturers are adding. There are channels normally open to satellite radio broadcasts. Even the tire pressure monitoring systems all cars are now required to come with potentially could be used to gain entry into a car’s complex computer network.
(Consumer Reports warns of cybersecurity risks to cars. Click Here for the story.)
Meanwhile, federal regulators are studying plans to require future vehicles be capable of wirelessly linking up to both car-to-car and car-to-infrastructure communications networks that would offer advisories on traffic conditions, weather and crashes.
“You’re providing more services and more access,” said Dickman. “You want to embrace innovation, but you have to understand the risks that come with it.”
If vehicle security followed the conventional path, motorists would have to sign up for anti-spam and anti-virus software similar to what’s in use on their desktops, laptops, and even tablets and smartphones. But as recent hack attacks on online retailers like Target, and even seemingly “hardened” systems like the Pentagon, have shown that approach is less and less effective.
The automobile is particular vulnerable because of both the amount of hardware and software onboard. Even an entry-level vehicle might have dozens of microprocessors. And more complex models often rely on over 100 million lines of code – more than is used in a modern jumbo jet or even the latest fighter aircraft, experts note.
Several alternative security systems are under development. The Battelle Center for Advanced Vehicle Environments has developed a concept called NEM – short for a Network Enforcement Module. It takes a snapshot of what things are supposed to look like from a software standpoint when the vehicle is just rolling off the assembly line. If, suddenly, there’s an anomaly, the car wants to veer left when you’re steering to the right, for example, a NEM would recognize an inadvertent system failure or the possibility the vehicle was hacked. It would immediately switch to a fall-back program.
While Dickman wouldn’t discuss specifics of TowerSec’s EcuShield system, it likewise is meant to recognize potential anomalies and block hackers from making changes to a vehicle’s software. Under development for several years, the company is hoping to see the technology go into production “soon.” It would add about $10 to the cost of a typical vehicle, Dickman noted.
(Automakers face issues of privacy, as well as security, in era of high-tech cars. Click Here for the full story.)
During a visit to Detroit early this week, National Highway Traffic Safety Administration chief Mark Rosekind stressed the potential benefits of new technologies like collision warning and autonomous driving. They have the promise of sharply reducing the number of deaths that occur each year on U.S. roads.
“This technology has a huge potential for the future,” he said, but Rosekind quickly added that the auto industry must make sure that hackers aren’t able to access tomorrow’s vehicles the way they’ve cracked open so many home computers and business servers. Otherwise, the consequences, experts agree, could be catastrophic.
(A version of this story originally appeared on NBCNews.com.)
Did anyone with a clue NOT know this was going to happen? When computer software is written, the last thing most entities look at is security. The naïve folks think that no one will be able to reverse engineer their software and as such there is no safety concern. This Jeep hi-jack should be a wake-up call to all who write PC software regardless of the application. It should also be a wake-up call for authorities that all software programmers and hackers should be held accountable for their actions and negligence.