Beware of cyber car hacks, feds warn

Federal agencies want you to be aware that as cars become smarter, so do cyber hackers.

Douglas Healey/AP
An FBI agent carries on object from a home in Bridgeport, Conn. Tuesday morning May 4, 2010.

Don’t let your car get remotely hacked, the Federal Bureau of Investigation, the National Highway Traffic Safety Administration, and the Department of Transportation warned US drivers in a public service announcement this past week.

As vehicles get more automated and less manually controlled by drivers, they will be more subject to cyber security risks. 

“Vehicle hacking occurs when someone with a computer seeks to gain unauthorized access to vehicle systems for the purposes of retrieving driver data or manipulating vehicle functionality,” explains a joint public service announcement (PSA) from the trio of federal government agencies. “While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk.” 

They go on to suggest several steps consumers should take to minimize vehicle cybersecurity risks. These include ensuring that vehicle software is up to date, being aware of who has vehicle access, and exercising discretion when connecting third-party devices to the vehicle. To put it simply, pay attention to who is in your car and what is plugged into your car, suggests the FBI. 

“Some car manufacturers are already working on addressing the issue,” reports The Christian Science Monitor’s Olivia Lowenberg. “Ford and Toyota have both built stronger firewalls for their vehicles, and Tesla encourages hackers to share their findings with the company through a ‘responsible disclosure’ policy.” 

Manufacturers and government agencies alike have had to work quickly to address the dangers of cyber car hacking. 

Cyber car hackers had their first high-profile success in 2013, after proving that it was possible to hack a Toyota Prius. But in order to do so, the hackers had to be in the car – remote cyber hacking was not yet a tangible threat. 

But within the last three years, these vulnerabilities have multiplied, reports Monitor auto blogger Richard Read. 

“As our cars become increasingly autonomous, they’re likely to begin talking to one another, and in doing so, they’ll create networks,” writes Read. “Networks are the playground of hackers because with the right code, ne’er-do-wells can affect dozens, hundreds, or thousands of vehicles at once, maximizing their returns.” 

Just last year, security researchers Charlie Miller and Chris Valasek remotely hacked a 2014 Jeep Cherokee killing the car’s transmission and proving the immediate potential of hacking threats. Chrysler soon after issued a 1.4 million-vehicle recall and mailed software updates to drivers. 

But Mr. Valasek tells Wired that he is confused about the FBI’s timing – why now? After all, their experiment was conducted eight months ago. 

“It seems super delayed,” said Valasek, one of the two Jeep-hacking researchers. “But it’s good advice… people take the FBI seriously.”And since his hacking experiment last year, Valasek says he has been flooded with emails from people who believe they are car hacking victims. “Charlie and I get emails all the time from people who say ‘my car’s been hacked!’” says Valasek. “The FBI is more than welcome to take that over.” 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.