What if this happened to you?
You’re driving 70mph on a freeway in your home town. Suddenly icy air blasts from the vents though you haven’t touched a thing. Hip-hop blares from your speakers – and you like the classics. Wiper fluid sprays your windshield as your wipers start swiping full-speed. You panic. What’s going to happen next?
That’s when the image of two guys in track suits appears on your digital display. “Surprise,” they seem to be saying.
You’ve been hacked.
This really happened. Wired tells the whole story here (and don’t worry: it was a planned attack by safety researchers, one that showed the vulnerability of a certain car model to “zero day exploits”).
Last week I wrote about the SEMA show – the world’s leading confab for aftermarket car modifications and enhancements. It was #tbt so we looked to the past. Now it’s time for the future – and for people who modify their cars (and that audience may be bigger than some might think), that future is one we should be aware of. SEMA’s original mission – to keep racers, performance enthusiasts and people in general safe as cars are customized and modified – might well be becoming more important than ever.
See, the vulnerability that let those two researchers take over the Cherokee’s digital controls was part of the car’s standard equipment: put in place by all automotive manufacturers to make it easier to diagnose issues, upgrade vehicle operating systems, monitor maintenance, cover emissions requirements etc. It’s the OS or brains of your car.
But more and more, digital innovations are finding their way to the dashboard and vehicle OS at the hands of everyday drivers – and without the framework of standards and security controls to ensure their integrity. All that stuff that scares us about viruses and hacks and privacy breaches? That’s one thing for the devices on our desktops or in our pockets. It’s another thing entirely for the vehicles rolling along our city streets and highways. A month after the Wired article shared above, the publisher published a story about hacking a car’s braking system, entering through a user-added device.
“…a new piece of research suggests there may be an even easier way for hackers to wirelessly access those critical driving functions: Through an entire industry of potentially insecure, internet-enabled gadgets plugged directly into cars’ most sensitive brains.
“…researchers from the University of California at San Diego plan to reveal a technique they could have used to wirelessly hack into any of thousands of vehicles through a tiny commercial device: A 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency. By sending carefully crafted SMS messages to one of those cheap dongles connected to the dashboard of a Corvette, the researchers were able to transmit commands to the car’s CAN bus—the internal network that controls its physical driving systems—turning on the Corvette’s windshield wipers and even enabling or disabling its brakes.
“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” says Stefan Savage, the University of California at San Diego computer security professor who led the project. The result, he says, is that the dongles ‘provide multiple ways to remotely…control just about anything on the vehicle they were connected to.’”
Want to see what it looks like? Watch here:
Wired added that the device exploited to enter the car’s brain was a commercially-available OBD2 dongle (via France-based Mobile Devices) used by innovators like, in this case, a per-mile insurance startup.
You can read the full article here (thanks, Wired – great insights on both reports).
I’m not one to say stop innovating – anything but that, please.
But helping consumers understand the big picture of these changes we bring to our cars – and lives – that’s where I think the SEMA story has only just begun. Without getting all scare-tacticy (if that’s a word), I do think about nefarious intent and what that might mean to an increasingly digital driving experience (like the one Jalopnik featured today: “Tesla’s Autopilot is Awesome and Creepy and a Sign of a Beautiful Future” – worth watching if only for the response of the hands-off guy in the driver’s seat). You only have to look back at exploits like the ±2009 Conficker virus attack to let your sci-fi imagination run wild.
Yet consumer-oriented modifications are increasingly right within our reach, and many of them can help us tune our cars (and even driving) better than ever before. How do we keep drivers aware and protected, help people get the driving experience they want, and keep the roads safe for people who simply want to get from here to there?
As I said last week, SEMA 2015 is going to be an interesting place for a game-changing conversation.