Car manufacturers need to step back and reconsider the digital security of their products following the most recent case of vehicle hacking in the US.
That’s according to Professor Kevin Curran, a senior member of the Institute of Electric and Electronics Engineers.
Speaking to Autocar, Professor Curran said car manufacturers appeared to be more concerned with beating the competition to market with new technology, rather than fully testing its security. "I have a feeling they are rushing out features, and every industry can be guilty of that," he said. "I’d say there’s a rush to market and security is almost an afterthought."
Citing a lack of regulation in the automotive arena over the introduction of connected technology, Professor Curran said car makers should be following the example of the airline industry, where there are far more stringent security checks. "On planes, we have to rely on the airline manufacturers knowing better and erring on the side of safety," he said. "Why can the same not be true of car manufacturers?
"I would urge manufacturers to think, and I would hope there would be a think tank or body which can oversee the security of these devices. We’ve never been in the position before where someone can cause so much destruction to a car from such a great distance."
Hackers take control of Jeep Cherokee
Professor Curran’s comments on digital security come just weeks after two hackers in the US were able to successfully gain access to and control a Jeep Cherokee driving along a public road from a distance of 10 miles away.
The experiment, conducted for Wired magazine, showed how a car could be wirelessly hacked and controlled without the hacker being in close proximity. In the experiment, hackers Charlie Miller and Chris Valasek used what’s been described as a flaw in Fiat Chrysler Automobiles' UConnect infotainment system to hack the vehicle.
Once the duo had access, they were able to activate the car’s windscreen wipers, alter its climate control settings, play different music through the infotainment system and - most worryingly - deactivate the accelerator while the car was travelling at motorway speeds. At lower speeds, the pair could also apply the brakes - or deactivate them - and kill the engine completely.
Miller and Valasek were also able to monitor vulnerable vehicles from a laptop - showing the location and speed of vehicles connected to the UConnect system. The system is vulnerable as, like many others, it uses a mobile data network connection to access connected services. Miller and Valasek’s hack lets them infiltrate the car’s infotainment system and then issue commands which are spread to other areas of the vehicle via the CAN bus network.
Speaking to Wired, Valasek said: “From an attacker’s perspective, it’s a super-nice vulnerability.
“If consumers don’t realise this is an issue, they should, and they should start complaining to car makers. This might be the kind of software bug most likely to kill someone.”
Both hackers have been sharing their data with FCA for the past nine months, notifying the firm of potential flaws in its system. Late last month FCA issued an official recall for the 1.4 million vehicles that were vulnerable. A spokesman has confirmed to Autocar that the recall does not affect any cars in the UK.
The company said: “The hack published in Wired magazine was conducted through embedded cellular connectivity (Connected Vehicle), a feature that is not available in vehicles sold outside of the US, since international markets are currently not offering the same connectivity feature as the US-market vehicles.