One of the big complaints I’ve had with cars and trucks (including ours) since the 90s is the increasing reliance on onboard computers which control nearly every aspect of the vehicle’s performance. I’m sure there must be a number of benefits to it, but it makes home repair of your car (which I used to quite enjoy) impossible in many cases unless you own a computer test station costing as much as the vehicle. Also, your car can break down because of a computer failure when there’s nothing actually wrong with the mechanical performance of the engine or drive train, but the car thinks there’s something wrong because a sensor went on the fritz. This has happened to me.
Now the cars are even “smarter” and the entertainment systems – at a minimum – are hooking into the internet and talking to remote systems located God only knows where. What could possibly go wrong? Well, here’s what could go wrong. Hackers can take over and disable your car while you’re driving it. Wired reporter Andy Greenberg got to experience it first hand as part of an experiment he volunteered for.
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
Granted, those symptoms would no doubt be alarming if you didn’t know that a “friendly” hacker was doing it with your permission, but at least it’s not fatal to have your radio or windshield wipers going crazy on you. But wait… there’s more.
As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.
Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.
In a way I feel almost guilty helping to publicize this story, but the cat is clearly already out of the bag. If these two guys figured out how to do it, there’s thousands of others who will be able to copy or improve on the method. Even if there weren’t hackers doing this on a broad scale before, they’re going to be out there in force now trying out the cool new toy. If it’s possible to hack into our cars’ control systems, somebody is going to be doing it and it’s almost a certainty that somebody is going to die.
The possibilities go far beyond mere mischief. Someone with enough money could arrange with a hacker to have their enemy, creditor or spouse “have an accident” on a major freeway and who would be the wiser? Could they break into an armored car or a police vehicle in the same fashion? It sounds like the possibilities are limitless.
So what are auto manufacturers going to do about it? Even if they isolate the one exposure in their software which these particular hackers used, another one will pop up. It always happens. Hackers are simply too numerous and successful and they always manage to stay one step ahead of the establishment. So no… “fixing” the software today won’t fix things for tomorrow. There should be an option offered for owners to isolate their cars from the internet entirely if they wish. And if they don’t then the risk transfers to them.
I’ve been telling you forever that the internet is ruining everything. Now get off my lawn.