By Cameron Camp
I’ve just about recovered from the sensory overload
that is CES to gather my thoughts
from what was another fascinating event. This blog, on connected car hacking,
is the first of two posts.
New cars are networked computers with an engine
attached. Yours doesn’t sync with your phone when it detects you driving?
That’s so 2016. At this year’s CES, we saw cars that attempt to connect
all the dots along your morning commute, including suggesting routes with less
congestion, reminding you of appointments and such. But when this complex
ecosystem has issues, who do you call? Auto manufacturers point to the
third-party computer systems, and they, in turn, point to upstream providers. You’re
now driving a tech mashup that just happens to be mobile.
Recently, I bought a new car, and the sales guy
told me I needed the extended warranty because the computer replacement cost
more than any other single component on the car, including the engine. Try to
explain that to classic car collectors. It won’t skid on slippery surfaces, tries
to park itself, and does a host of other distracting things I haven’t quite figured
out. Their manuals are big thick books, but who reads the manuals?
It’s becoming clear to the folks at CES that your
engine is really an accessory, which can be replaced by a very large electric
one very soon, and your computer needs to keep track of voltage to that
accessory and let you know about it, probably on an app on your smartphone, which
seamlessly appears on your in-dash monitor when you get close to the car.
So we’ve come full circle. While years back you had
an office computer where you sat at a chair and did a task, now you sit in a
chair with a seatbelt surrounded by a computer that happens to be moving. But
in the same way we’ve been fighting attacks for years on desktop computers
(which still have issues), we’ll increasingly see issues with that whole mobile
experience. But I’m just not sure who to call anymore.
I put that question to one of the booth staff. He
had no idea. Apparently, the connectivity to the car is handled by a bulk
communication company as a partnership with the folks who make the car, who
also partner with the computer people at the booth I was visiting.
I have a colleague in the industry who tried to
hack his car for performance with some software he got online. He managed to
brick his car, or at least it dropped into limp mode with very limited
functionality. He basically could only minimally drive it, and wound up going
to the dealer and just saying something was broken and he didn’t know what. They
couldn’t understand it either, and eventually replaced the computer. They
didn’t charge him. He was very lucky.
Dealers will become more sophisticated in spotting
hack attempts, even as the hacking market for performance modifications
increases. There are a host of new doodads here that allow you to interface with
your car more easily, and every year at DefCon there is a larger area devoted
to the subject.
Manufacturers are at least working on better
firewalls now to keep the computers all protected, but that won’t hit the
showroom floors for years, meaning there are millions of cars on the road
(basically all of them) that hackers will try to exploit.
If a vulnerability is found, they will have
millions of vehicles to target that have no effective way of being updated,
since few would heed the warning to take it to the dealer for a fix.
It’s not hopeless. There are lots of startups that
are looking at building anti-hacking equipment for modern cars. It remains
to be seen whether manufacturers will let you use any of it without voiding the
warranty and bricking a very expensive car. If they learn to work together with
the community, however, we can bring to bear lessons learned over a long period
of time from chairs in front of computers-on-desks and keep us all a little
safer.