After Fiat Chrysler recalls 1.4 million cars to fix a software vulnerability, Simon Hacker explores how easy it might be for criminals to tune into your car’s controls.
1 We’ve glanced upon this subject before in this page, but Fiat Chrysler’s sudden recall of a staggering 1.4 million cars in the USA has pushed the issue of car hacking far higher in the news agenda. What was a what-if story is fast becoming a headline consumer issue. To recap, this is a problem we could all see coming: cars are increasingly little more than mobile computers. A basic service can be largely carried out via their USB connection. Car makers boast of each new model’s increasing telemetry and connectivity, and the steady progress we make towards making our wheels remotely operable inevitably opens a new arena for tech-savvy criminals to exploit. So the day when you head off for the office only to find your car disagreeing and directing itself to a shady lay-by where a hooded gang with an open-backed lorry awaits, may not be so far off.
2 Let’s pause that nightmare for a while though. How real is the threat today? Well, the USA’s Wired magazine has shown social responsibility by exposing this issue, but has not urged mass panic quite yet. Basically, two hackers working for the magazine were able to remotely manipulate a Jeep Cherokee’s transmission, radio, air conditioning and other systems, their access being from mobile phone to the car’s Uconnect entertainment system, and from there into the car’s key functions of steering, braking and throttle. In raw terms, the “crashed” Jeep shows the move towards wireless operation of your car’s functions exposes the car, and you, to exploitation by a third-party.
3 Wired’s scoop, however, is a tad ahead of the game. At heart, this remains largely an anticipated risk, with no reported case of a hijacking out there beyond this media initiative. The recall being implemented is also easy-peasy. The maker sends out a small hard drive you plug into your car, enabling a patch for the software to be imported. The hackers at Wired say it’s a proper fix. Panic over then, if you’re one of those 1.4 million motorists, but as Jim Gillette, a Detroit auto expert, observes: “I think that this whole recall is going to send a message to the other automakers, ‘boy we better figure out very quickly how to prevent this sort of thing from occurring in the future’.”
4 So you’d be foolish to point and laugh at Jeep owners, especially if you drive a car with iPhone or Android integration. Apps such as the Viper SmartStart allows you to unlock and fire up your engine from anywhere, free of the geographical limits of Bluetooth and traditional keyless systems. And websites such as www.lifehacker.com offer instructions on building a system to enable your car to receive a text message ordering it to start up, all for little more than £25. Suddenly this kind of 007 technology is cheaply available and you don’t need a supercar to run it. If tinkering with your car’s brain worries you (which it should) there’s always the official route: makers such as Mazda, with its CX-5 Mazda Mobile Start, offer remote activation for US customers for $65 annually. And Land Rover has recently demonstrated an app to drive a Range Rover Sport, just as Pierce Brosnan remotely piloted his BMW 750i in the Bond film, Tomorrow Never Dies.
5 Criminals might be salivating at all this, but there’s a side to remote apping which is perhaps even darker. Government spooks, you can be assured, will already be looking into the implications and benefits of being able to hack into your wheels, turning your dashboard into a listening post and, of course, directing your car to the nearest convenient point if they would like a friendly chat. All the same, we are told that the chances of having your car hacked are less than you being struck by lightning. Having said that, 24,000 people are killed, on average, every year, by bolts from the blue – and being in your car is statistically a safe place to be during any thunderstorm. Classic car with a crank handle, anyone?