

By Tony Anscombe, Mobile Specialist at AVG Technologies

 

In early August, Wired Magazine published an article entitled 'Hackers remotely stopped my jeep on the road – with me inside', detailing an experiment by two hackers, Charlie Miller and Chris Valasek. In the words of journalist Andy Greenberg, he had agreed to take part in this adventure as a 'test dummy for a digital collision'.
 
The hackers were able to remotely control many important functions of the Jeep, including braking, transmission and acceleration, as well as the windshield wipers, air conditioning and radio. Of course, the threat seems much more real and dangerous when an attacker is able to control the vehicle's driving and safety features.
 
In 2013, Miller and Valasek had already proven that it was possible to hack a car, testing a Ford Escape and a Toyota Prius. But back then they did it from the back seat of the car and had to physically connect to it. This latest demonstration of their skills proves that it is now possible to control a car remotely, which of course poses an entirely different risk.
 
This story has many similarities with recent reports about the ability to intercept an aircraft and control it from the ground. Aviation experts were quick to point out that only some planes have information and entertainment systems connected to the aircraft's controls and that, in all cases, the pilot has a manual control button in the cockpit that allows him to take control and fly without depending on technology if necessary.
 
Although similar, they are two very different industries. The automotive industry appears to be reluctant to regulate and set definitive standards for connected cars before the product is made available to end users.
 
Another concern I have regarding this and other vulnerability stories in cars is the method of fixing the problem. There is a software update available for the Jeep, for example, which can be loaded via a USB stick. Despite sounding simple, this type of provision should not be left to the consumer. In the event of a manufacturing defect, the cars are recalled and submitted to professionals trained to repair them. So I believe that in addition to the reseller loading/updating the system software, when a major vulnerability like this is found companies should do a full recall and take responsibility.
 
I wonder how many connected car drivers have the latest software version installed. I suspect that many drivers of BMWs that were subject to the 'unlock' carried out earlier this year are still driving around in a vulnerable car.
 
But there is light at the end of the tunnel. The departments responsible for setting standards in this area in the US and UK have committed to drawing up new guidelines against this type of failure. I'm sure these guidelines will be published in the next few months, but of course implementation in manufacturing takes time, and the risk only grows with each new 'connected' car coming off the production line.
