Will Knight

A View from Will Knight

Chrysler’s Recall of Hackable Cars Won't Be the Last

As carmakers rush to make vehicles more connected, their products are likely to become more vulnerable to attacks.

  • July 24, 2015

Carmakers used to only worry about faulty components or shoddy workmanship leading to a damaging product recall. Now they can add another problem to the list: the risk of meddling computer hackers. And as the industry rushes to make vehicles more computerized and connected, the threat posed by computer flaws could get a lot worse.

Fiat-Chrysler issued a recall today for 1.4 million cars following a demonstration in which two computer security consultants showed that they could take remote control of a Jeep Cherokee, turning up the climate controls and the radio, activating the windscreen wipers, and even cutting the brakes and shutting off the engine.

The researchers behind the stunt, Charlie Miller and Chris Valasek, took over the car from miles away, through the Uconnect service, which links the infotainment systems in Fiat-Chrysler vehicles to the Internet. Almost all carmakers offer similar wireless services as an add-on these days. The recall issued by Fiat-Chrysler states that “exploitation of the software vulnerability may result in unauthorized remote modification and control of certain vehicle systems, increasing the risk of a crash.”

That may be true, but Miller and Valasek’s exploit is also a pretty complicated piece of work. It requires a “zero-day” (that is, previously unknown) software bug, as well as knowing how to reprogram a chip in the entertainment unit and communicate with other systems via the car’s internal network. A little ironically, the cars affected can’t be remotely updated with software patch. Instead you can download one to install yourself here, or have Chrysler mail it to you on a USB stick.

Unfortunately, much easier exploits may not be far away. Carmakers are rushing to add more computers and more connectivity to vehicles, not only for infotainment, but also to make drivetrain components more reconfigurable and customizable (as I reported in “Rebooting the Automobile”). Tesla’s Model S shows where the industry is headed: many of the car’s features can be accessed and controlled via the Internet, using the company’s app, and its hardware is routinely reprogrammed with remote software updates issued from the company. Added complexity and accessibility could make vehicles a much richer target for troublemakers. Borrowing more technology from the consumer electronics industry may also increase the risk, as it means more people will have the skills needed to access and modify a device and its code.

Carmakers do seem to be taking the issue seriously, as do large computer security companies, some of which see protecting vehicles as a big future opportunity. But when I spoke with Miller and Valasek for my story, they said that automakers are moving very slowly to address the problem, and that the computer security of vehicles remains mostly unknown. The good news is that proposed legislation as well as campaigns by computer security experts calling for more transparency and better security practices may help the industry finally get up to speed.

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.