When, in 2013, hackers Charlie Miller and Chris Valasek hard-wired their laptops into a Ford Escape and a Toyota Prius and assumed control of the cars’ electronic systems from the back seat while a journalist from Wired magazine drove around a car park, some of the car industry raised an eyebrow about the potential for cars to be electronically hacked.
But back then, the pair of them needed access to a diagnostic port, and – hey – who’d give that sort of access to a hacker?
So last week, while the same Wired reporter drove a Jeep around the outskirts of St Louis, the same hackers sat on a sofa 10 miles away and remotely gained control of the car’s systems. Not just a few innocuous ones, such as the wipers or stereo, but ones like the engine, brakes and transmission.
So now everyone has raised an eyebrow and is wondering what the motor industry is going to do about a potentially catastrophic security flaw.Cars are more connected and, electronically, more complex than ever.
They’ve become that way innocently enough. As wiring looms for all of a car’s features – ABS, hi-fi, lighting, engine, transmission and so on – became massively complicated, a bright spark at Bosch had the idea of sharing a common set of wiring, called a CAN bus, along which power and data info could be passed.
The CAN bus saves a lot of wiring and therefore a lot of weight and money but means a car’s electronic control units – of which a car might have dozens – are all effectively connected to each other.
None of which would have been seen as a problem in the 1990s when CAN buses started being used, because no one would have thought you could sit in your pants on a sofa and gain malicious access to it.
But with increased internal complexity has come increased connectivity. So if, say, your stereo can stream from the web, or the diagnostics or the navigation or the multimedia system can talk to the outside world, that’s a portal that’s vulnerable to hackers.
And if the ECUs for the ABS, the self-park steering system, the throttle or even the automatic gearbox are all loosely connected to that same portal, they’re all fair game to a hacker.
The solution, of course, is that new security precautions will have to be reverse engineered into cars’ electronics systems – systems that you probably didn’t want or ask for in the first place but which have become ever more prevalent and for which you’ll pick up the tab to make them more secure. Because although it’s unlikely someone will want to take control of your car, the implications of not securing the system don’t bear thinking about.