Drivers are willing to risk a world of hackable cars
Poll finds support for autos with Internet
Americans love the Internet, they love cars and they really love Internet-connected cars, even if it opens them to more security risks.
Forty-two percent support making cars more connected — a figure that jumps to 60% for Millennials, a survey by Kelley Blue Book found. At the same time, 62% fear cars will be easily hacked.
It seems Americans are unwilling to give up the convenience of a connected car to protect against a hypothetical hack. Just 13% said they would never use an app if it increased the potential for their vehicle to be hacked.
Figuring out how to hack cars is a growing area of specialization.
“Security can’t be an afterthought,” said Charlie Miller, who together with Chris Valasek hacked a Jeep Cherokee last year. The duo presented a workshop on Car Hacking 101 at the RSA computer security confer- ence this week.
“If you’ve got GPS or Bluetooth access or a WiFi hotspot in your car … there’s a wide range of hacks for getting in,” said Karl Brauer, a senior director with Kelley Blue Book.
For Americans, convenience seems to trump everything else, even the risks associated with sitting in a hackable, 3,000pound block of metal, plastic and glass moving at 65 mph.
“More than 33% of people out there have already decided that if they don’t get the technology they want in one car, they’re going on to another,” Brauer said.
It’s especially true of younger people. “Millennials don’t want to go anywhere without being connected, so auto manufacturers are appealing to that,” said Chan Lieu, a legislative adviser who focuses on the auto industry for law firm Venable in Washington.
There are no safety standards for hackability. That’s in part because the systems that make cars accessible to Internet and wireless attack change monthly, with each passing month, so there’s really nothing to test.
For now, consumers don’t need to worry too much about their cars being hacked, but it could become a bigger concern in five or 10 years. The convergence between connected cars and nefarious hackers is coming, say Miller and Valasek, who work at Uber’s Advanced Technologies Center in Pittsburgh.
“I wrote four lines of Python (a programming language) and owned 1.4 million cars,” Miller said of their Jeep exploit.
For that reason, they publish everything they do in great detail, to help others learn from it so the proper safeguards can be built in.
“It can’t just be five security guys solving the world’s problems. We need to get more people involved,” Valasek said.
Neither worry overly about their own cars getting hacked. Though Miller says he does caution friends to avoid the dongles popular with some auto insurance companies that allow them to monitor a car’s actions.
It’s one thing to trust Ford or Chevrolet. But with those, he said,”you’re not even trusting your insurance company, your’e trusting whoever they bought the dongle from.”