Before you get to the bottom of this paragraph, you should know that somewhere in this country, someone or some company just got hacked. Or, that right now, some lone wolf, cyber gang or clandestine arm of some government is trying to hack into something that belongs to someone else. And, soon enough, the next target for a hack may be your car.
Hacking is the term for gaining unauthorized access to an individual computer or computer system that serves a company or government. It’s cyber mugging. No bumps, no bruises, but robbery – violation – by any definition.
Last summer, among so many others to experience this fate, it was the government’s Office of Personnel Management. Two Christmas seasons ago, it was Target. For OPM, the hack exposed personal information of 22 million people. In the Target case, it was 70 million individuals – anyone who bought something at Target that holiday season. The Chinese are suspected in the former; a then 17-year-old Russian in the latter.
Why are cars a potential new target? Simple. In a new car, old technology has been replaced by computers. To illustrate (are you sitting down?), new cars are actually more sophisticated than the Apollo spacecraft that landed men on the moon! Figuratively speaking, new cars are rolling computers.
“Everything is coded in a new car,” said Colorado State University-Pueblo’s William Bencini, instructor in the CSU-Pueblo Automotive Industry Management Program. Code, explains Bencini, is what tells the computer how to perform operations. Perhaps the best example of this evolution in code can be found in a car that bears the name Google. The driverless car, or what they industry calls the autonomous vehicle, which operates on command. It’s driverless. Google is at the forefront of this technology but a number of car makers are following suit.
To illustrate the superior technology in new cars versus that which existed in the Apollo program, imagine this: Apollo 11 had 145,000 lines of computer code. Today, a new BMW, Toyota, Ford or Chevy may have as many as 100 million lines. Two NASA computers back then had a cost that ran into the millions and occupied a couple of rooms. NASA’s 60’s era computer power today could be placed in a cell phone – with tons of room to spare!
Some new car models come pre-wired with an Android operating system. ATT operating systems are now standard in many Audi and Tesla models. Computer technology is the bell that cannot be unrung.
Computers operate a new car’s air bags, air conditioning, sound system, satellite navigation, blue tooth, door and trunk locks and more. Without computers, new cars couldn’t run. Essentially, without computers, they would be your father’s Oldsmobile.
“It’s just amazing to me,” said Bencini. “It’s no longer just the engine and driving. It’s everything; acceleration, deceleration, vehicle stability, just a tremendous amount of software computing.” In fact, today’s new car can have as many as 50-100 computers controlling the vehicle’s operations.
As a result, hacking cars, whether in the driveway or the freeway, is the industry’s new concern. In fact, it’s already been done.
In an experiment conducted last summer by the website Wired.com, two hackers, Charlie Miller and Chris Vilasik, in a prearranged scenario, disabled a Jeep Cherokee, as they sat in a basement ten miles away from the vehicle. As the driver was reaching a cruising speed of 70 mph on a freeway, the hackers began their attack. They turned the air conditioning and the sound system to full blast as they simultaneously turned on the wipers smudging the windshield. The coup de grace occurred when they announced their success by displaying their images on the vehicles’ digital display.
Their computer hacking skills also got Congress’ attention. Democratic Senators Ed Markey and Richard Blumenthal offered up legislation to “establish federal standards to secure our care and protect drivers’ privacy.”
“Before, stealing your car was enough,” said Metropolitan State University of Denver’s Edgar Maldonado. All it took before the computer era was a larcenous bent and a handful of tools. We still have tools, only now they’re high tech. “We have computers,” said the MSU computer information expert. It’s a new world.
The technique of taking command and control of a vehicle away from a driver is known as ‘zero-day vulnerability.’ Essentially, it’s finding a ‘hole’ in the software and exploiting it. Depending on the hacker’s motivation, hacking can be as simple as disabling the heating or cooling or, if they decide to be ruthless, completely commandeering the steering and possibly causing a wreck.
Right now, automotive hacking has been done only as research. But, said Maldonado, “It may be only a matter of time” before hackers step up to a whole new level of deviousness.
But it’s not just hackers bent on exploiting computer technology. Automakers have also joined in. And not in a small way.
Volkswagen, one of the giants in the car industry, is squarely in the bulls-eye for what appears to be premeditated consumer fraud involving computers.
For the past six-plus years, VW has been installing ostensibly “clean diesel” software in vehicles sold in the U.S. But the software is anything but clean. In fact, it’s programmed to work only when being tested for emissions. In other words, any time these vehicles are on the road – up to a half million VW clean diesel vehicles – they are free to spew out unfiltered, hazardous and smog-forming emissions. They do exactly the opposite of what consumers think they should be doing.
VW has vowed to fix the vehicles – Golf, Jetta, Beetle and Passat – but the cost will go into the billions of dollars. The automaker also faces sanctions for violating the Clean Air Act. The company could also face fines of up to $18 billion. The company’s duplicity has already caused its CEO’s resignation.
But the cloak of invisibility offered by computers is also providing reams of data to police investigating vehicle accidents involving new cars and a motherlode of information to insurers wanting to know just how safely – or dangerously – a customer is driving their car or truck.
Police, who used to rely on things as rudimentary as skid marks to reconstruct an accident, can now use a car’s computer data to find out if a driver was speeding or otherwise doing something wrong when an accident occurred. Likewise, one insurer is now using a device called a ‘snapshot’ to monitor driving patterns.
While the device is ostensibly used to attract drivers wanting lower rates, many are getting just the opposite. If, for example, the data gleaned from the snapshot, which plugs into a car’s diagnostic system, shoots back negative information, it could actually result in an increase in rates. Additionally, a driver who’s opted to ‘test-drive’ the snapshot may also have to pay a fee for using it if their driving was deemed high risk.
Vehicles deemed most vulnerable for hack attack are those with internet connectivity, GPS and infotainment systems. In a recent survey, Toyota’s 2014-15 model Infiniti Q50 and Prius, GM’s ‘2015 Cadillac Escalade, newer model Ford Fusion, Range Rovers and BMW X3 and i12 models all ranked high.
Among those least susceptible to hacking, in data compiled by Miller and Vilasik, were the 2014-15 Dodge Vipers, 2014-15 Audi A8 and 2014-15 Honda Accord.
Big Brother is watching but watching, figuratively, on a 20-inch black-and-white model TV. But it may only be a matter of time before technology allows him to graduate to the stadium-sized jumbo screen and see anything and everything he wants.