One year ago (October 2014), this column carried the title “Tech Gets Scary.” We did not know the half of it. Our main concern then revolved around privacy issues — apprehension about how the connected car allows the collection of data by auto manufacturers and, considering that it includes data on web surfing, e-mails, and other online activities, anxiety about how the auto makers would use and share that information. More recently, reports of the connected car’s vulnerability to hacking that can result in the driver losing control of the vehicle have stoked the unease.
This past July, on wired.com, Andy Greenberg chronicled his experience as the driver of a hacked connected car, specifically — and won’t car washers find this an interesting coincidence — a Jeep Cherokee. Greenberg was a willing participant in a test run arranged with two researchers who had developed a hacking technique that allowed them to take wireless control, via the Internet, of any of thousands of vehicles, sending commands through the vehicle’s entertainment system to the dashboard functions, steering, brakes, and transmission.
Greenberg wasn’t too concerned, at the start of his drive, when the air conditioning turned on at max, even though he had not touched the controls, or when the radio switched to a hip-hop station, also unbidden, ditto when the windscreen wipers tuned on. When his accelerator stopped working, so did the fun of the experiment. “The most disturbing maneuver,” he writes, “came when they cut the Jeep’s brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.”
Having your drive-on employee taken by surprise as a Jeep suddenly accelerates in the tunnel is one thing. This is having control wrested from you at a whole other level. How do you train for this, and how do you design preventative measures when any one (or more) of several of the vehicle’s functions can be tampered with unexpectedly? The chances of this issue cropping up at a particular car wash are probably remote, but the likelihood of such an occurrence becomes less farfetched as time marches on. We live in a world where a high school kid can reportedly hack into the private e-mail account of the director of the CIA.
All of this results from auto manufacturers doing their level best to rebrand cars as “smartphones on wheels” in response to evolving consumer demand. As we noted here in March of this year, for 39 percent of car buyers in the United States, technology is the number one selling point compared to 14 percent who value horsepower and handling most. Accordingly, researchers anticipate the number of Internet-connected cars to surge from 36 million today to 152 million five years down the road.
But, not to worry: government is here to sort it all out. A bill before Congress, the “Security and Privacy in Your Car Act of 2015” — AKA, cutely, the “SPY Car Act of 2015,” aims to protect consumers from security and privacy threats to their motor vehicles. Already there are competing alternatives in the works, one of which a commentator dismisses as serving “more to protect companies than to impose sound security on them.”
Automakers need to be held accountable for their vehicles’ digital security, says Greenberg and then quotes one of the researchers: “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers. This might be the kind of software bug most likely to kill someone.”