Your vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) nightmares became reality this week, thanks to security researchers Charlie Miller and Chris Valasek. They’ve been able to completely take over a Jeep Cherokee via the chip that provides cellular and wireless connectivity.
Miller and Valasek plan to release a paper on their work and present it at the Black Hat conference, which focuses on digital security issues, in August. The vulnerability, according to the Wired article where the hack was revealed, is in the Uconnect system used by Fiat Chrysler in several models. The company has released a patch for the vulnerability.
Of course, Jeeps aren’t the only connected cars on the road today. And in the near future, cars will also communicate with each other and a city’s infrastructure, like smart traffic lights. At the Intelligent Transportation Systems World Congress in Detroit last fall, experts were predicting that 80% of vehicles on the road would have connected technology by 2020.
How worried should we drivers be? Jim Smith of Ixia, which provides network security for businesses including those in the automotive industry, says this kind of security breach isn’t a big worry today, but it could be in the next three or so years. He says the responsibility for data security in the connected car is on the manufacturers’ shoulders. “Security works best when it’s built into every layer,” Smith said in a phone interview. “The industry is trying to add this as an extra software layer, and it’s not working.”
The potential benefits of connected vehicles are many, like fewer accidents, better traffic flow, and improved fuel economy. But the potential for having your car hacked is real, as Miller and Valasek showed. While the risk is low today, “Auto manufacturers have to make sure consumers know their data and cars are protected,” Smith said. “The need to communicate that security and safety needs to be their top priority.”
Senators Edward J. Markey (D-Mass) and Richard Blumenthal (D-Conn) agree. They’ve introduced legislation known as the SPY Act, for Security and Privacy in Your Car. It would require not only protect against vehicles being hacked but also establish requirements for data privacy.