Carmakers leave cars unlocked to hackers — Jeep Cherokee remotely hacked on highway

22 Jul 2015

Cars can now be remotely hacked and controlled and US senators are not happy about that. This week, for demonstration purposes, hackers were able to take control of a Jeep Cherokee driving on a highway, rendering the driver powerless, with nothing to do but sit in fear as they controlled the car.

In a report on Wired hackers were able to execute a zero-day exploit on a Jeep Cherokee. First they took control of the jeep’s air conditioning, wipers and radio and broadcast images onto the car’s dash.

However, after the car was driving on a highway they were able to drop transmission and stop the accelerator from working.

The ability of hackers to take control of cars is very real because today’s cars are festooned with all kinds of wireless sensors and computers. In fact, the majority of the value of a car today is its technology.

SPY Car Act aims to tackle wireless car jackers

In Washington yesterday Democratic senators Edward J. Markey and Richard Blumenthal, members of the Commerce, Science and Transportation Committee, introduced new legislation called the SPY Car Act.

The legislation would direct the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure cars and protect drivers’ privacy.

The Security and Privacy in Your Car (SPY Car) Act also establishes a rating system — or “cyber dashboard”— that informs consumers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards.

It is proposed that the dashboard would be made visible in car dealerships. The legislation also recommends that this information should be presented in a transparent, consumer-friendly form on the window sticker of all new vehicles.

Last year, Senator Markey released the report Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk, which detailed major gaps in how auto companies are securing connected features in cars against hackers.

For example, only two of the 16 car companies had developed any capability to detect and respond to a hacking attack in real time, and most customers don’t even know that their information is being collected and sent to third parties.

“Drivers shouldn’t have to choose between being connected and being protected,” said Senator Markey.

“We need clear rules of the road that protect cars from hackers and American families from data trackers. This legislation will set minimum standards and transparency rules to protect the data, security and privacy of drivers in the modern age of increasingly connected vehicles. I look forward to working with Senator Blumenthal to ensure auto safety and security in the 21st century.”

Accelerating to the next big thing

In their haste to sell more and more car models, carmakers are recklessly ignoring the cyber threats to vehicles.

“Rushing to roll out the next big thing, automakers have left cars unlocked to hackers and data trackers,” said Senator Blumenthal.

“This common sense legislation protects the public against cyber-criminals who exploit exciting advances in technology like self-driving and wireless connected cars.

“Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes.

“Security and safety need not be sacrificed for the convenience and promise of wireless progress. I thank Senator Markey for his leadership and profoundly significant fact-finding in protecting consumers. The road to new auto technology is wide enough for both progress and privacy.”

Jeep Cherokee image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com