Crain News report
DETROIT (Aug. 4, 2015) — When two hackers recently took command of a Jeep Cherokee while journalist Andy Greenberg was driving it on public roads, an exploit revealed in a Wired magazine story, everything changed.
Car hacking got real.
This wasn't professors controlling secondary functions while plugged into the auxiliary port of a vehicle. This wasn't CBS correspondent Lesley Stahl in a Chevy knocking over parking lot cones in slow motion.
This was two professional hackers at home using the Internet and software they developed to seize control of the engine and transmission of an unmodified 2014 Cherokee — moving 70 mph on a highway — and slow it to a crawl. They exploited the infotainment system's Internet connectivity and could rewrite its internal firmware to gain control over critical systems.
In this case, hackers Charlie Miller and Chris Valasek are self-described “white hats” and had shared information with Fiat Chrysler Automobiles for months. The auto maker released a software patch for hundreds of thousands of vulnerable 2013 and 2014 vehicles before the Wired piece broke.
The story prompted quick reaction. Two senators introduced a bill to require federal standards for vehicle security. National Highway Traffic Safety Administration (NHTSA) Administrator Mark Rosekind declared, “Cybersecurity and privacy must be high-priority items.”
Auto makers and suppliers already face huge capital and engineering resource challenges to develop multiple fuel-saving technologies by the 2025 model year. Now they must also make vehicle security a higher priority.
The auto industry can take some actions immediately. For starters, engineers designing parts to withstand such threats as heat, cold and vibration must learn to think like hackers and defend against malicious actions, too.
Auto makers must be able to “push” software fixes to improve vehicles wirelessly, rather than asking customers to go to auto dealers for every improvement.
Auto makers should bolster firewalls separating critical controls from connected infotainment features. And auto makers must clearly communicate their security efforts to consumers, lest customers lose confidence in their vehicles.
This editorial appeared in Automotive News, a Detroit-based sister publication of Tire Business.