If a hacker-proof car was somehow designed today, it couldn’t reach dealerships until sometime in 2018, experts say, and it would remain hacker-proof only for as long as its automaker kept providing regular updates for the underlying software - an expensive chore that manufacturers of connected devices often neglect. Long development cycles - especially within the automotive industry - add to the problem. Yet Ellis and other experts fear the race to secure the Internet of Things already is being lost, that connectivity and new features are being added more quickly than effective measures to thwart attacks. You can’t yet do it on a 100,000-car basis.” They haven’t been able to package it yet so that it’s easily exploitable,” said John Ellis, a former global technologist for Ford.
Even cars from a single manufacturer can vary dramatically from one model year to the next, hindering hackers. In this battle, defensive forces have one clear strength: Connected devices run many types of software, meaning that an attack on one may not work on others. Government and industry officials are racing to add protections before techniques demonstrated by Miller, Valasek and and other researchers join the standard tool kits of cybercriminals.
RUSH TEAM 2 HACKED SERIES
Valasek and Miller said they could, by merely typing the right series of computer commands, hack into these vehicles, almost anywhere they might be driving. They also found readily accessible Internet links to thousands of other privately owned Jeeps, Dodges and Chryslers that feature a proprietary wireless entertainment and navigation system called Uconnect. By hacking into a 2014 Jeep Cherokee, the researchers were able to turn the steering wheel, briefly disable the brakes and shut down the engine.
Yesterday’s flaws, experts say, are being built directly into tomorrow’s connected world.Īmong the most vivid examples came this week, when security researchers Charlie Miller and Chris Valasek demonstrated that they could hijack a vehicle over the Internet, without any dealership-installed device to ease access. The inherent insecurity of the Internet itself - an ungoverned global network running on technology created several decades ago, long before the terms “hackers” or “cybersecurity” took on their current meanings - makes it difficult to add effective safety measures now. “Now that we know it’s going to happen, can’t we do something different?” “If we’ve learned anything from the Internet, it’s that it’s clearly going to happen,” said Kathleen Fisher, a Tufts University computer science professor and security researcher. It’s just a question of when the right hacking skills end up in the hands of people with sufficient motives. Widespread hacks on cars and other connected devices are destined to come, experts say, as they already have to nearly everything else online.