Why Apple Should Pay Particular Attention to Wired’s New Car Hacking Story
This morning, Wired reports that the hackers who two years ago hacked an Escape and a Prius via physical access have hacked a Jeep Cherokee via remote (mobile phone) access. They accessed the vehicle’s Electronic Control Unit and from that were able to get to ECUs controlling the transmission and brakes, as well as a number of less critical items. The hackers are releasing a report [correction: this is Markey’s report], page 86 of which explains why cars have gotten so much more vulnerable (generally, a combination of being accessible via external communication networks, having more internal networks, and having far more ECUs that might have a vulnerability). It includes a list of the most and least hackable cars among the 14 they reviewed.
Today Ed Markey and Richard Blumenthal are releasing a bill meant to address some of these security vulnerabilities in cars.
Meanwhile — in a remarkably poorly timed announcement — Apple announced yesterday that it had hired Fiat Chrysler’s former quality guy, the guy who would have overseen development of both the hackable Jeep Cherokee and the safer Dodge Viper.
Doug Betts, who led global quality at Fiat Chrysler Automobiles NV until last year, is now working for the Cupertino, Calif.-based electronics giant but declined to comment on the position when reached Monday. Mr. Betts’ LinkedIn profile says he joined Apple in July and describes his title as “Operations-Apple Inc.” with a location in the San Francisco Bay Area but no further specifics.
[snip]
Along with Mr. Betts, whose expertise points to a desire to know how to build a car, Apple recently recruited one of the leading autonomous-vehicle researchers in Europe and is building a team to work on those systems.
[snip]
In 2009, when Fiat SpA took over Chrysler, CEO Sergio Marchionne tapped Mr. Betts to lead the company’s quality turnaround, giving him far-reaching authority over the company’s brands and even the final say on key production launches.
Mr. Betts abruptly left Fiat Chrysler last year to pursue other interests. The move came less than a day after the car maker’s brands ranked poorly in an influential reliability study.
Note, the poor quality ratings that preceded Betts’ departure from Fiat Chrysler pertained especially to infotainment systems, which points to electronics vulnerabilities generally.
As they get into the auto business, Apple and Google will have the luxury that struggling combustion engine companies don’t have — that they’re not limited by tight margins as they try to introduce bells and whistles to compete on the marketplace. But they’d do well to get this quality and security issue right from the start, because the kind of errors tech companies can tolerate — largely because they can remotely fix bugs and because an iPhone that prioritized design over engineering can’t kill you — will produce much bigger problems in cars (though remote patching will be easier in electric cars).
So let’s hope Apple’s new employee takes this hacking report seriously.
It makes me glad my car’s most advanced feature is the remote for the doors. (No Bluetooth, no GPS, no satellite radio, no cellphone access that I know of.)
Makes me glad I use a bicycle and mass transit.
Yet another story that makes me glad I’m driving a mid-90s Volvo.
Yet another story that makes me glad I’m driving a 82 Toyota station wagon…that has nothing that the manufacturer, or insurance company, or loan company can stop it with(remote disable). And, I can fix it myself, vs new cars you can’t even change the spark plugs. And, I get 28 mpg around town. And..it’s paid for. I’d submit, one day, you won’t be able to “own” a vehicle. Only lease it. And one day, only transportation companies with driverless cars will own them, and pick you up, for a fee.
.
Unfortunately, unless and until the car manufacturers ramp up IT security on the vehicles these driverless vehicles are going to have the same security problems as their human driven counterparts.
.
And note that I use “vehicles”. Driverless trucks and buses as well as driverless cars also seem likely to happen sooner rather than later. If they too are vulnerable to hacking then what we would effectively be putting on those roads are a bunch of potential drones.
.
For example, consider the consequences of hackers gaining control of a single 10-ton semitrailer barrelling along at 60 mph with a load of gasoline on a crowded interstate. Now ask yourself what the consequences would be if (say) Al Qaeda or ISIS could do the same thing remotely from Iraq or Pakistan.
Not that it’s really relevant, but the lede on that story is pure gonzo genius.
“But encryption is evil, EVIL, I tell you! Backdoors everywhere, on everything, is a must!”
And the Chrysler patch must be installed using a USB device? Jeebus. Let’s just insert Duqu and StuxNet everywhere, for gods’ sake.
This latest automotive-based vulnerability should give lawmakers pause with regard to Boeing and Hacking Team work on spyware-launching drones. Could this be used to hack automobiles on the highway? Boeing should answer to lawmakers about this because this technology has certainly been leaked outside the country already.