Today’s automobiles are technological marvels. Actually, to this layman’s mind, they have always been. But the technologies currently being baked into our vehicles are advancing at a pace that perhaps cannot be sustained responsibly. A report from Consumer Watchdog, a nonprofit, nonpartisan consumer-protection organization, goes so far as to term the exposure of Internet-connected cars to hacking a national security threat.
Surveys conducted as long as four years ago found that for 39 percent of car buyers in the United States, technology was the number one selling point, compared to 14 percent who valued horsepower and handling most. I wouldn’t hazard a guess at where those figures stand today, but I feel fairly confident that the disparity would have grown appreciably.
Carmakers are exploiting this preference to the fullest and are not about to slow their push for more tech. Besides, as noted in this column in the July issue, manufacturers have figured out a way to monetize all the data connected-car technology collects, even as they feel their future sales are under pressure from the advent of car-sharing, ride-sharing, and ride-hailing services.
According to the Consumer Watchdog report, “Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off,” most connected cars share the same vulnerability. The car’s infotainment system is connected to the Internet via a cellular connection and also to the vehicle’s CAN (Controller Area Network) buses, which link the vehicle’s safety-critical systems such as the engine and the brakes. Because the same system sits on both networks, a hacker who reaches it over the Internet has a path to control of the vehicle’s operation.
This is bad enough when it involves a single vehicle, as happened in 2015 with a Jeep Cherokee in a controlled experiment in which the vehicle’s accelerator and brakes were disabled by a hacker. However, the Kill Switch report points out the networked nature of connected cars, which, the report warns, creates several avenues for a fleet-wide attack: viruses can spread vehicle-to-vehicle, malicious WiFi hotspots can infect passing vehicles within range, or cars can be infected with malware that activates at a given date and time. Imagine: hundreds of cars on the road going out of control at the same time.
We covered the Jeep Cherokee experiment in this space in November 2015 and commented on its car wash relevance: Having your drive-on employee taken by surprise as a Jeep suddenly accelerates in the tunnel is one thing. This is having control wrested from you at a whole other level. How do you train for this, and how do you design preventative measures when any one (or more) of several of the vehicle’s functions can be tampered with unexpectedly? The chances of this issue cropping up at a particular car wash are probably remote, but the likelihood of such an occurrence becomes less farfetched as time marches on.
Well, time has marched on, and such an occurrence has become more rather than less likely. By 2022, the Kill Switch report estimates, at least two-thirds of new cars in the United States will have Internet connections to their safety-critical systems. Moreover, the report states, many of the major auto manufacturers rely heavily on software written by third parties, including open-source software like Linux. Not exactly a comforting thought. Add to this that today’s cars can contain over 100 million lines of software code — 10 times the number to be found in an F-35 joint strike fighter jet, according to Neil Steinkamp of Stout’s automotive recalls research. A software industry truism: more code, more bugs.
Consumer Watchdog has a suggested solution: to protect the public, automobile manufacturers should install a kill switch in every vehicle, allowing consumers to physically disconnect from the Internet. It can go right next to the car-wash-mode button.