What’s worse than a backseat driver? A remote one, who takes the wheel by hacking into your car’s computer.
Wired’s Andy Greenberg described how cybersecurity researchers Charlie Miller and Chris Valasek hacked his Jeep Cherokee from 10 miles away, causing it to slow to a crawl in the middle of a busy highway. Previously, Mr. Miller and Mr. Valasek had successfully hacked cars from the backseat with their laptops plugged into the diagnostic port, but their new achievement highlights the unique vulnerability of Internet-connected cars.
"There are hundreds of thousands of cars that are vulnerable on the road right now," Miller told Reuters.
As Web-connected cars become the norm, some car manufacturers have been working to preempt the heightened risk of invasion. CNN Money reported last year that Ford, Toyota, and Tesla have all taken steps to safeguard systems.
Ford and Toyota have built protective firewalls into their hardware and hired teams of hackers to hunt for weak spots. Toyota has also installed chips in cars’ computers to narrow communication and bolster safety.
Tesla has a "responsible disclosure" program that gives hackers incentives to disclose their findings to the company. Valasek also noted last year that Tesla sends its software updates wirelessly, meaning drivers do not need to bring their cars in to have the updates installed on site.
The problem, CNN Money reported, is that all of the computers in a vehicle are connected, meaning a breach into one part of the car gives easy access to others – a problem that vehicle-to-vehicle communication systems and self-driving cars could exacerbate.
The government is taking steps as well. Wired reported that Massachusetts Sen. Ed Markey (D) and Connecticut Sen. Richard Blumenthal (D) are introducing new legislation Tuesday to raise cybersecurity standards of cars sold in the United States.
Sen. Markey surveyed 16 car companies in February about how they handle digital security, and found that adequate security was the exception, not the rule. The bill, a spokesperson told Wired, would have the National Highway Traffic Safety Administration and the Federal Trade Commission set explicit standards regarding security and privacy, and require car manufacturers to display stickers on the windows of new cars indicating the vehicle’s privacy and security ranking.
"Drivers shouldn’t have to choose between being connected and being protected," Markey said in a statement. "Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. We need clear rules of the road that protect cars from hackers and American families from data trackers."
Valasek and Miller’s attack on the Jeep Cherokee echoes a 2011 study by the University of Washington’s Yoshi Kohno and UC San Diego’s Stefan Savage, in which they completed a wireless, remote takeover of a car, becoming the first to do so.
As a measure of consolation, Valasek told LiveScience last year that car hacking is prohibitively complicated and costly for most criminals – for now.
"Generally speaking, car hacking isn't mainstream. It's very difficult and costs lots of money," Valasek said. "That could change in the future, which is why we're working on the problem now."