No minor prank
It’s a scenario out of a Stephen King novel: A driver cruising along a busy highway suddenly finds his car taken over by an outside force.
First it’s just the radio, the wipers and the air conditioning behaving chaotically. Then— as an 18- wheeler bears down at high speed— the transmission shuts down.
All this actually happened to Wired journalist Andy Greenberg recently when he agreed to let two hackers go to work on an internet- connected Jeep he was driving.
The hackers, Charlie Miller and Chris Valasek, have been conducting government funded research into the security of smart auto systems. They were able to take control of the Jeep from 10 miles away. Some 471,000 cars on the road are vulnerable to such attacks, they estimate. Their experiment should serve as a wake- up call to car manufacturers— and everyone else.
Commonplace items such as baby monitors, room locks and medical devices have already been hacked. Manufacturers should expect this to continue, and prepare for it to get worse before it gets better. That means making cybersecurity something more than an afterthought. It also means being upfront with consumers about exactly what those products are doing and sharing online.
As for carmakers, their vulnerabilities have been evident for years. For starters, they should boost investment in technology that can detect digital intrusions, and start automatically issuing security updates to their software. More important, they should ensure that critical controls, such as brakes and steering systems, are isolated from components that could be hacked.
Carmakers have long competed on safety. They now need to broaden their definition of it to encompass the digital age.