We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Will Knight

A View from Will Knight

Chrysler’s Recall of Hackable Cars Won't Be the Last

As carmakers rush to make vehicles more connected, their products are likely to become more vulnerable to attacks.

  • July 24, 2015

Carmakers used to only worry about faulty components or shoddy workmanship leading to a damaging product recall. Now they can add another problem to the list: the risk of meddling computer hackers. And as the industry rushes to make vehicles more computerized and connected, the threat posed by computer flaws could get a lot worse.

Fiat-Chrysler issued a recall today for 1.4 million cars following a demonstration in which two computer security consultants showed that they could take remote control of a Jeep Cherokee, turning up the climate controls and the radio, activating the windscreen wipers, and even cutting the brakes and shutting off the engine.

The researchers behind the stunt, Charlie Miller and Chris Valasek, took over the car from miles away, through the Uconnect service, which links the infotainment systems in Fiat-Chrysler vehicles to the Internet. Almost all carmakers offer similar wireless services as an add-on these days. The recall issued by Fiat-Chrysler states that “exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.”

That may be true, but Miller and Valasek’s exploit is also a pretty complicated piece of work. It requires a “zero-day” (that is, previously unknown) software bug, as well as knowing how to reprogram a chip in the entertainment unit and communicate with other systems via the car’s internal network. A little ironically, the cars affected can’t be remotely updated with software patch. Instead you can download one to install yourself here, or have Chrysler mail it to you on a USB stick.

Unfortunately, much easier exploits may not be far away. Carmakers are rushing to add more computers and more connectivity to vehicles, not only for infotainment, but also to make drivetrain components more reconfigurable and customizable (as I reported in “Rebooting the Automobile”). Tesla’s Model S shows where the industry is headed: many of the car’s features can be accessed and controlled via the Internet, using the company’s app, and its hardware is routinely reprogrammed with remote software updates issued from the company. Added complexity and accessibility could make vehicles a much richer target for troublemakers. Borrowing more technology from the consumer electronics industry may also increase the risk, as it means more people will have the skills needed to access and modify a device and its code.

Carmakers do seem to be taking the issue seriously, as do large computer security companies, some of which see protecting vehicles as a big future opportunity. But when I spoke with Miller and Valasek for my story, they said that automakers are moving very slowly to address the problem, and that the computer security of vehicles remains mostly unknown. The good news is that proposed legislation as well as campaigns by computer security experts calling for more transparency and better security practices may help the industry finally get up to speed.

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.