Blog dedicated primarily to randomly selected news items; comments reflecting personal perceptions

Tuesday, October 20, 2015

What's At Stake

"I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass."
"As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought."
"The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country."
Andy Greenberg, Wired magazine, July 21, 2015 
Charlie Miller (left) and Chris Valasek hacking into a Jeep Cherokee from Miller's basement as I drove the SUV on a highway ten miles away.

"The focus of car manufacturers remains selling as many high-margin, connected-car options packages as possible, and not necessarily in keeping the bad guys out."
"The time for governments to step in and tighten the rules in the interest of safety is long overdue.
The electronics revolution in your car isn't just limited to the big navigation screen in the middle of the dash. Virtually every system in the average modern car has been touched in one way or another by technology in recent years, and anything electronic is potentially hackable."
"The throttle, for example, which used to be a cable connected to a mechanical system, has largely been replaced by an electronic throttle that completely severs the physical connection between the gas pedal and the engine."
Carmi Levy, technology analyst, London, Ontario

"We're working to keep pace with the dynamic nature of cyber threats by incorporating security by design, developing internal expertise, and cultivating procedural and operational partnerships with organizations specializing in cyber defence."
Wade Newton, spokesman, Alliance of Automobile Manufacturers, Washington, D.C.

"[The accident that killed gonzo journalist Michael Hastings in Los Angeles that was featured on 60 Minutes was] consistent with a car cyber attack."
"You can do some really highly destructive things now, through hacking a car, and it’s not that hard. So if there were a cyber attack on the car—and I’m not saying there was—I think whoever did it would probably get away with it."
Richard Clarke, counterterrorism adviser to Clinton and G.W. Bush administrations  
The wreckage of the car crash that killed journalist Michael Hastings.
The wreckage of the car crash that killed journalist Michael Hastings.

From metaphorically 'killing' the computer controls on a jeep, as described in July's Wired magazine, to a hacker dialing in to the computer system of a journalist's vehicle to put the vehicle out of commission and the man driving it permanently out of commission, the vulnerability of vehicles and their drivers to the malicious attacks possible when those with terrorist intentions hack, threatening the safety of motorists at large, has become a growing concern to governments.

The Canadian Defence Department's research arm has undertaken a study into the vulnerability of vehicles to the possibility of remote hacking, given the few incidents where it has been demonstrated that interference of this kind dangerously threatens people from cyber-intrusions as a potential menace as yet little appreciated. Government intervention in the matter is required, according to one technology expert, since the automobile industry is lagging in its concern for secure vehicles.

These are vehicles being sold with advanced computer packages glowingly advertised as selling points in persuading the driving public that they incorporate not only convenience but safety features enhanced by the latest technologies. Manufacturers think of their products as "rolling smart phones", and encourage the buying public to value them for their multiple gimmickry. With built-in connectivity through computers and Internet connections guaranteed, what could go wrong?

The D.C.-based Alliance of Automobile Manufacturers claims it is preparing to advance an information-sharing hub and have it in operation by the end of 2015, enabling auto-industry companies to exchange details relating to emerging threats and real-time countermeasures. The suite of computer systems built into vehicles, stresses the industry, has aided in making vehicles more driver-safe, cleaner to operate, harder to steal.

And though the word has gone out about the potential vulnerability of the computer systems to hacking, the industry points out that no documented, real-world instances of moving vehicle hacking has been presented, as yet. Which disregards the reality that the on-board Internet-connectivity is a portal, yet one which can be opened only by those with heavy experience at hacking. Should someone with malice aforethought succeed in manipulating a vehicle's steering and braking, a worst-case scenario could occur.

When American cyber-security researchers, Charlie Miller and Chris Valasek hacked into a Jeep Cherokee's entertainment system, then ventured to the radio, air-conditioning and windshield wipers, they expanded their operation by cutting the transmission and its brakes in a convincing demonstration of just how effective their skills were in dismantling the safety features of industry that encourages motorists to believe that the skillful driver had full command of his vehicle.

Fiat Chrysler was moved as a result of that convincing and controlled experiment to recall 1.4 million vehicles to hurriedly patch up the vulnerable areas. Defence Research and Development Canada has put a tender out on a government procurement website looking for a consultant capable of studying the vulnerability of vehicles, and measures that can be taken to mitigate the pending problem before it becomes a living nightmare.

Their document states, of the modern vehicles which incorporate up to 200 computers, that "the hacking community has demonstrated many times the possibility to compromise the cyber security of cars" and that cyberattacks on cars represent "a more important concern [than that of information- and money-theft through computer hacking] since the safety of their users or the other users on the road might be at stake".

Labels: , ,


Post a Comment

<< Home

()() Follow @rheytah Tweet