{"id":58303,"date":"2015-08-06T17:38:31","date_gmt":"2015-08-06T09:38:31","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=58303"},"modified":"2025-01-19T14:58:51","modified_gmt":"2025-01-19T19:58:51","slug":"automakers-struggling-to-prevent-hackers-from-seizing-control-of-cars-a-game-of-cat-and-mouse","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2015\/08\/06\/automakers-struggling-to-prevent-hackers-from-seizing-control-of-cars-a-game-of-cat-and-mouse\/","title":{"rendered":"Automakers struggling to prevent hackers from seizing control of cars; a game of cat and mouse"},"content":{"rendered":"
\"(Shutterstock<\/a>
(Shutterstock image)<\/figcaption><\/figure>\n

DETROIT \u2013 When researchers at two West Coast universities took control of a General Motors car through cellular and Bluetooth connections in 2010, they startled the auto industry by exposing a glaring security gap.<\/p>\n

Five years later, two friendly hackers sitting on a living room couch used a laptop computer to commandeer a Jeep from afar over the Internet, demonstrating an even scarier vulnerability.<\/p>\n

\u201cCars don\u2019t seem to be any more secure than when the university guys did it,\u201d says Charlie Miller, a security expert at Twitter who, along with well-known hacker and security consultant Chris Valasek, engineered the attack on the Jeep Cherokee.<\/p>\n

Fiat Chrysler, the maker of Jeeps, is now conducting the first recall to patch a cybersecurity problem, covering 1.4 million Jeeps. And experts and lawmakers are warning the auto industry and regulators to move faster to plug holes created by the dozens of new computers and the growing number of Internet connections in today\u2019s automobiles.<\/p>\n

The average new car has 40 to 50 computers that run 20 million lines of software code, more than a Boeing 787, a recent KPMG study found.<\/p>\n

Miller and Valasek are known as \u201cwhite hat,\u201d or ethical, hackers and reported their findings to the company. But the episode raised the prospect that someone with malicious intent could commandeer a car with a laptop and make it suddenly stop, accelerate or turn, injuring or killing someone.<\/p>\n

After the 2010 hack, the auto industry plugged access holes and tried to isolate entertainment and driver information systems from critical functions such as steering and brakes. But in each subsequent model year, it added microchips and essentially turned cars into rolling computers.<\/p>\n

buy symbicort inhaler online https:\/\/care.aanviihearing.com\/wp-content\/uploads\/2025\/01\/png\/symbicort-inhaler.html<\/a> no prescription pharmacy <\/div>\n

The introduction of Internet access has created a host of new vulnerabilities.<\/p>\n

\u201cThe adversary only needs to find one way to compromise the system, where a defender needs to protect against all ways,\u201d says Yoshi Kohno, associate professor of computer science at the University of Washington, who was part of 2010 hack.<\/p>\n

Mark Rosekind, who heads the National Highway Traffic Safety Administration, has urged the industry to set cybersecurity standards and avoid government regulation.<\/p>\n

But two Democratic senators, Edward Markey of Massachusetts and Richard Blumenthal of Connecticut, have introduced a bill that would force the industry to seal off critical computers and add technology to stop hackers in real time.<\/p>\n

Security experts say automakers should have systems that recognize rogue commands and stop them from taking control of a car. Some already do. They also say car companies must behave more like the personal computer industry, instantaneously updating software via the Internet to stay ahead in a perpetual cat-and-mouse game. Tesla and BMW already can do this, and nearly all automakers are planning for it.<\/p>\n

Even so, experts say it\u2019s nearly impossible to stop all cyberattacks, as the U.S. government and major retailers have discovered.<\/p>\n

\u201cIt\u2019s the same thing you see in any industry: You do more and someone finds a way around it,\u201d says Bryant Walker Smith, a law professor at the University of South Carolina.<\/p>\n

In the 2010 incident, the hackers worked near the car. In the recent Jeep attack, Miller and Valasek used a laptop in Pittsburgh to control the vehicle in St. Louis.<\/p>\n

They used the Cherokee\u2019s cellular connection to access its radio.<\/p>\n

buy kamagra oral jelly online https:\/\/care.aanviihearing.com\/wp-content\/uploads\/2025\/01\/png\/kamagra-oral-jelly.html<\/a> no prescription pharmacy <\/div>\n

From there, they penetrated the vehicle\u2019s controls, changing its speed and taking over the brakes and the transmission.<\/p>\n

Just last week, another hacker revealed that he placed a small electronic box on a car to steal information from GM\u2019s OnStar system so he could open doors and start the vehicle. GM said the hack was isolated to one car and it has closed the loopholes.<\/p>\n

Miller says Fiat Chrysler did implement some security measures.<\/p>\n

buy furosemide online https:\/\/care.aanviihearing.com\/wp-content\/uploads\/2025\/01\/png\/furosemide.html<\/a> no prescription pharmacy <\/div>\n

The hackers at first got to a radio chip that was isolated from critical computers. It took them three months, but they got that chip to talk to another one and give them access to the Jeep’s controls. All told, the hack took about a year.<\/p>\n

Miller says that because so few people have the expertise and motivation, a large-scale hacking attack on cars is unlikely. \u201cSome teenager is not going to do this or some bored group of undergraduates,\u201d he says.<\/p>\n

Still, there is reason to question whether the industry is ready for a cyberattack.<\/p>\n

Stefan Savage, a computer science and engineering professor at the University of California, San Diego, participated in the 2010 hack. He praised Tesla for hiring a cybersecurity officer with power to make changes. GM created a similar position. But he says other companies he preferred not to name have moved more slowly.<\/p>\n

Savage says radios and other devices often have software owned by the outside supplier. As a result, the software can have vulnerabilities an automaker may not know about.<\/p>\n

He also says it\u2019s difficult to isolate radios, locks and other features from computers that move and stop the car. For instance, after a crash, cars are programmed to unlock their doors.<\/p>\n

The Alliance of Automobile Manufacturers, which represents a dozen major companies, says the industry is working with security firms and universities to prevent attacks. Earlier this month, companies formed a group to share information. Some companies such as Audi offer rewards to outside experts who find vulnerabilities in their systems.<\/p>\n

Savage predicts all automakers will accelerate plans for instant Internet software updates.<\/p>\n

\u201cI\u2019d be shocked if everyone doesn\u2019t deploy this stuff in the next few months,\u201d he says. \u201cThey can’t afford not to.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

DETROIT \u2013 When researchers at two West Coast universities took control of a General Motors car through cellular and Bluetooth …<\/p>\n","protected":false},"author":33,"featured_media":11262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[35],"class_list":["post-58303","post","type-post","status-publish","format-standard","has-post-thumbnail","category-technology","tag-original","mauthors-tom-krisher","mauthors-the-associated-press"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/58303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=58303"}],"version-history":[{"count":1,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/58303\/revisions"}],"predecessor-version":[{"id":285878,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/58303\/revisions\/285878"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/11262"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=58303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=58303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=58303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}