When Charlie Miller and Chris Valasek demonstrated their ability to hack vehicles both with physical contact and purely wireless, they weren’t aware that this would turn into a much larger discussion about safety on the roads. Now reports are saying that this is just the beginning of an “auto-hacking era.”
“While the automakers and telematics vendors with targeted products were largely receptive to this work—in most cases, they deployed fixes immediately that patched the attack paths found—not everything is happy in auto land,” according to Arstechnica.
“Not all of the vehicles that might be vulnerable (including vehicles equipped with the Mobile Devices telematics dongle) can be patched easily. Fiat Chrysler suffered a dramatic stock price drop when video of a Jeep Cherokee exploit (and information that the bug could affect more than a million vehicles) triggered a large-scale recall of Jeep and Dodge vehicles.”
Automakers not only have to worry about falling stock and having to explain to consumers why their vehicles might be susceptible to hacks. They also have to worry about the repercussions that can come from a hacker using the knowledge about hacking into vehicles and carrying out a potentially dangerous attack while vehicles are cruising the streets and highways.
Some automakers don’t understand what the commotion is because none of these hacks have actually been carried out in the real world other than the DefCon demonstrations by Miller and Valasek. So, is it worth worry about it it hasn’t made it’s way to the real world?
Well, companies like Tesla are already taking matters into their own hands by issuing a vehicle security bug bounty program that can land participants up to $10,000 for pointing out “reproducible security vulnerabilities.”
“The car hacking village at DEF CON brought in hundreds of attendees to get the basic skills to do analysis of CAN buses and other automotive systems,” says Sean Gallagher of Arstechnica.
“With Miller and Valasek’s paper providing a road map, it could be a lot easier for others to exploit vehicles going forward. And as the skills and tools required for car hacking become more well established, flipping on the windshield wipers of someone’s car could become what website defacements were in the 1990s—something all the script kiddies can do. That, and not disagreements with security researchers, is what should have the auto industry worried.”
Miller and Valasek aren’t the only security researchers and certainly not the only ones with the knowledge it would take to hack into automobiles and exploit their internal cyber-weakness. This is where automakers and consumers have to worry when it comes to thinking about future attacks.
Read the full story.
