December 21st, 2015
This year, car hacking has become a popular topic for many people, from automakers to car owners to software experts. Today's world brings many exciting technological advances. Car companies have always been prompt to incorporate new features into their products, such as GPS, hands-free phone systems and infotainment. While these additions attract car buyers, they also have gained the attention of worried tech experts.
Researchers and software engineers have, on numerous occasions in 2015, demonstrated the problems car manufacturers dismissed when constructing these cars. In short, they are very vulnerable to infiltration. In July, two security researchers, Charlie Miller and Chris Valesek, hacked into a Jeep Cherokee while it was driving down the freeway. Granted, the driver was warned and the demonstration was planned. However, it was eye-opening for many, Fortune reported.
Patching up cars
The event spurred worry from many, and some car companies scrambled to create patches and distribute them to buyers. Shortly after the incident, Fiat Chrysler announced a "voluntary safety recall" to more than 1 million cars. The press release explaining the reasoning behind the recall noted that, aside from public demonstrations of the cars' vulnerabilities, no customers have been affected by them, to the company's knowledge. However, as a precaution, owners of the cars involved in the recall received a USB drive which contained upgrades to the car's network.
Gizmodo explained the company did, in fact, know about the network's weaknesses prior to distribution, but determined they were minor and wouldn't put customers at risk. As a result, the company was charged a $105 million fine.
Shortly after Miller and Valesek's efforts to expose weaknesses, San Francisco-based security researchers Kevin Mahaffey and Marc Rogers presented similar vulnerabilities in Tesla's Model S, Mahaffey explained on The Lookout. By gaining access to the infotainment system and smartphone app, the two were able to perform virtually any action a driver could, including turning off the car while it's in motion.
Mahaffey and Rogers found that Tesla had taken measures to prevent harm as a result of someone hacking into the car. They also explained they would feel safer driving the Model S than any other connected car. Nonetheless, they did find several areas that needed improvement and made some suggestions for car companies to follow.
How to make connected cars safe
Their first suggestion offers a better approach to patches than sending USBs to car owners. Instead, similar to the way software companies distribute updates, connected cars should have the ability to be upgraded using over-the-air systems. Tesla has taken heed of this advice, the researchers explained.
According to the Original Equipment Suppliers Association, this technology will soon be common among connected cars. The association explained car companies may risk losing customers and increasing warranty costs without installing this capability in their products.
Presenters at the LA Auto Show explained this could mean car companies will have to rethink their design and engineering processes in order to ensure security.
"They really need to look at how these vehicles are being architected and start from a base platform to build up and create something that is totally secure," Danny Shapiro, a senior director of automotive at Nvidia, explained, according to Fortune. "It requires a wholesale change in the way of thinking about it and architecting the car to really plug these gaps in the system today."
Shapiro noted that Tesla has been on the forefront of change, designing cars around the computing platform, rather than trying to make it work in an already-designed car.
Another suggestion Rogers and Mahaffey made was for auto companies to work alongside security researchers. By teaming up, product developers can continue to design new cars that will attract auto enthusiasts, while also ensuring as much customer protection as possible.
Currently, Fortune explained, the people designing the car and those working on the connectivity factors don't communicate much in most auto companies. This will have to change soon if car companies want to evolve and gain the trust of those wary consumers worried about cybersecurity risks.
"Manufacturers may ask customers to sign waivers to assume responsibility for the technology."
Impact on insurance
As cars become more connected and these risks become more apparent, some are beginning to wonder how vulnerabilities will play into the insurance industry. While it may be assumed that car companies would be at fault for harm done via cybersecurity weaknesses, Insurance Business America explained that manufacturers may ask customers to sign waivers to assume responsibility for the technology upon purchase. This may protect auto companies, but it poses a risk for car buyers. John Tiene, CEO of the East Coast-based Agency Network Exchange, suggested people invest in a cyberinsurance policy for their protection. He also noted these ever-evolving cars could require changes in the insurance industry.
"This brings out a whole new area of expertise that agents are going to have to develop, and it's going to create new products," Tiene explained. "The reality is there's still going to be a huge responsibility and a huge need maybe an even greater need for professional insurance agents and risk managers to help car owners navigate what will be a much more complicated insurance world than it is today."
To make sure you have the best insurance for you car - connected or not - compare rates on CoverHound's convenient website.