How hard is it to protect driverless cars from hackers?

With connected devices forecast to grow to 8.4 billion this year, with expected spending of over $2 trillion, how hard is it to actually secure the internet of things? And why don’t manufacturers focus more on delivering top-notch security for their products with longer shelf life?

Two years ago, security researchers Charlie Miller and Chris Valasek wanted to make a point about the vulnerabilities inside connected cars, so they hacked a wireless Jeep Cherokee from a remote location. The shocker was not so much about the ease of the process, but that the driver was in the car driving at 70 mph and completely useless. Remote attacks have also been launched on Teslas and on the brakes of a Corvette, the latter purely for the sake of science at the University of California at San Diego.

Security researchers are also concerned because the automotive industry is mixing up software from different suppliers, software that might not end up matching well due to varying “shelf lives and patch cycles.”

“The problem is when people buy a car, they think ‘Oh, I’m buying a Toyota,’ but what they’re really buying is parts from 100 different suppliers all cobbled together,” said Nidhi Kalra, a senior information scientist at the RAND Corporation. “Cybersecurity cannot be applied on top of everything else. It needs to be based in the design of the vehicle and embedded throughout the entire supply chain.”

So if it’s so easy to exploit a wireless car, then what about driverless taxis? Although they’re growing in popularity, securing them is not so much an interest point, leaving their electronic setup vulnerable to cyberattacks, Miller explains in an interview with Wired. After working over a year and a half with Uber, he feels “driverless taxis pose a security challenge that goes well beyond even those faced by the rest of the connected car industry.”

The US Department of Transportation is one contributor to the poor state of the industry after issuing vague guidelines only requiring that “the vehicles should be engineered with safeguards to prevent online attacks.”

“Autonomous vehicles are at the apex of all the terrible things that can go wrong,” says Miller. “Cars are already insecure, and you’re adding a bunch of sensors and computers that are controlling them… If a bad guy gets control of that, it’s going to be even worse.”