New legislation introduced in congress could stick automakers with more responsibilities to prevent hackers from taking over vehicles remotely in response to hacking demonstrations on vehicles like the 2014 Jeep Gran Cherokee, 2013 Ford Escape and 2013 Toyota Prius.
Beginning in 2013, a duo of hackers, Charlie Miller and Chris Valasek, with the help of a WIRED journalist, demonstrated that they could hook into the Escape and Prius with a wire and take over the car. With full control of the vehicle they can turn on or off the air conditioning, disable the brakes or turn the car all without the driver having any say-so in the matter. Recently, a video showing the same hackers hacking into a 2014 Jeep Gran Cherokee remotely miles away raises even more concerns.
In the video, http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/?mbid=so…, the hackers are able to put a picture of themselves on the infotainment system, make the brakes go out and totally disable the car. This is done by using the vehicle’s UConnect, or similiar internet-enabled infotainment device, as an entry point and spreading control to the rest of the car.
Hackers of all kinds could carry out the same attack on vehicles, including hackers with terrorist affiliations. It’s simple to think of the domestic damage an organization like ISIS could achieve with an automotive hack like this. Suddenly jerking the wheel, disabling the brakes or fully engaging the throttle of a vehicle in an isolated attack, or worse, in a massively coordinated attack, could cause deaths in the thousands across the entire United States.
The video showcasing the remote attack prompted a downloadable software update to fix the potential security hole.
Reactive measures like this are made mandatory in the bill proposed by Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) but preventive measures are highlighted too. The bill, The Security and Privacy in Your Car (SPY Car) Act, is one of the first of it’s kind which calls for “All entry points to the electronic systems of each motor vehicle manufactured for sale in the United States shall be equipped with reasonable measures to protect against hacking attacks.” according to the legislation itself.
It carries on to call for the information within the vehicles to be reasonably protected and that all vehicles be equipped with the abilities to “immediately detect, report, and stop attempts to intercept driving data or control the vehicle.”
This would force automakers to create an “opt-out” feature for owners to use to not allow the auto manufacturer to collect any data from the car like navigation point or other information. By not sending this information out the car is protected because the stream of information is not being sent out and therefore, cannot be intercepted and taken over.
Failure to follow these regulations, if the bill is passed, would result in a fine not exceeding $5,000 per vehicle to the manufacturing company.