Car manufacturers need to step back and reconsider the digital security of their products following the most recent case of vehicle hacking in the US.
That’s according to Professor Kevin Curran, a senior member of the Institute of Electric and Electronics Engineers.
Speaking to Autocar, Professor Curran said car manufacturers appeared to be more concerned with beating the competition to market with new technology, rather than fully testing its security. "I have a feeling they are rushing out features, and every industry can be guilty of that," he said. "I’d say there’s a rush to market and security is almost an afterthought."
Citing a lack of regulation in the automotive arena over the introduction of connected technology, Professor Curran said car makers should be following the example of the airline industry, where there are far more stringent security checks. "On planes, we have to rely on the airline manufacturers knowing better and erring on the side of safety," he said. "Why can the same not be true of car manufacturers?
"I would urge manufacturers to think, and I would hope there would be a think tank or body which can oversee the security of these devices. We’ve never been in the position before where someone can cause so much destruction to a car from such a great distance."
Hackers take control of Jeep Cherokee
Professor Curran’s comments on digital security come just weeks after two hackers in the US were able to successfully gain access to and control a Jeep Cherokee driving along a public road from a distance of 10 miles away.
The experiment, conducted for Wired magazine, showed how a car could be wirelessly hacked and controlled without the hacker being in close proximity. In the experiment, hackers Charlie Miller and Chris Valasek used what’s been described as a flaw in Fiat Chrysler Automobiles' UConnect infotainment system to hack the vehicle.
Once the duo had access, they were able to activate the car’s windscreen wipers, alter its climate control settings, play different music through the infotainment system and - most worryingly - deactivate the accelerator while the car was travelling at motorway speeds. At lower speeds, the pair could also apply the brakes - or deactivate them - and kill the engine completely.
Miller and Valasek were also able to monitor vulnerable vehicles from a laptop - showing the location and speed of vehicles connected to the UConnect system. The system is vulnerable as, like many others, it uses a mobile data network connection to access connected services. Miller and Valasek’s hack lets them infiltrate the car’s infotainment system and then issue commands which are spread to other areas of the vehicle via the CAN bus network.
Speaking to Wired, Valasek said: “From an attacker’s perspective, it’s a super-nice vulnerability.
Join the debate
Add your comment
Ok, who prefers electronic
Fine so far
Count me in as one who prefers. Cabin looks neater. Ease of use. I've had a year's worth of it on a Golf. It can be set to be fully automatic all the time, which is handy and that is how I use it. Works well as a compliment to the DSG. Got used to it within first day or so, and it is now forgotten.
Newsflash - car makers more concerned with profit than security
So how about this for a doomsday scenario. The terrorists run out of kids willing to blow themselves up. So they work out how to hack cars with driverless technology. They then fill these cars or vans with explosives, punch the address they want to bomb into the sat nav and hey presto a suicide bomber without the suicide. Thank you car industry.
Maybe one day we will go back to cars where the main features are 3 pedals, a gearshift, a steering wheel and god forbid a handbrake that you actually need to use muscle to apply. You cannot hack those.
I don't really understand