Carmakers should pay attention to digital security, says hacker
Based on some recent autopilot mishaps, it may look like the main threat for cars comes from AIs being unable to always handle traffic situations properly. But computer security experts seem to be much more worried about cars being hacked.
“Hopefully things are going to get better, but we are not in such great shape now,” said car security researcher Charlie Miller at ARM TechCon in Santa Clara.
Now, that everyone seems to be involved in autopilot technology, Miller, who works for Uber’s advanced technology center, thinks car companies should really pay attention to security, reported venturebeat.com. He has been hacking cars to expose security vulnerabilities, and would like to see greater transparency from the industry. Carmakers, he said, should explain “exactly how their systems are designed for security.”
“Then I could spend a weekend reading their white paper rather than two years tearing apart their cars,” Miller added.
A former National Security Agency security consultant, Miller used to hack iPhones and MacBooks. Together with his friend Chris Valasek, he later received a small grant from the Defense Advanced Research Projects Agency (DARPA — incidentally the same military agency that funded the creation of the internet) to research car security.
The two experts wanted to see whether security problems were widespread in the industry, and planned to make their experiments public so that car makers do something about such issues. In 2013 they showed they could compromise a Toyota Prius and a Ford Escape, taking control of the steering. Two years later they hacked a Jeep Cherokee using a vulnerable mobile connection. The story, published by Wired, prompted Chrysler to recall 1.4 million vehicles.
Earlier this year, Miller and Valasek remotely took control of moving Jeep and ran it off the road.
They released everything they found about the cars’ vulnerabilities, as well as their tools, so manufacturers could patch the security holes.
“We build systems and don’t think about security because we don’t need to,” Miller said, according to VB. “That’s what happened with cars. They took you places. Then we added more features.” As technology put in vehicles became more sophisticated, the security challenges grew.
Miller and Valasek found problems with multiple car models. Miller is worried, VB wrote, because cars are now connected to the internet, and carmakers are testing self-driving vehicles.
He hopes his work will make automobile companies more aware of the dangers, so they’ll pay more attention to security.