It's been a rough few weeks for car companies. Two weeks ago, a blockbuster report showed researchers Charlie Miller and Chris Valacek remotely hacking a Jeep's onboard modem, eventually cutting the brakes and killing the engine. In the days that followed, we saw other researchers break into GM's Onstar system and even plug into a Tesla to physically implant malware into the car's central computer. The twin Black Hat and DefCon conferences always bring an onslaught of new vulnerabilities, but this year security researchers have shown a particular interest in connected car vulnerabilities, and in many cases, automakers haven't been prepared for it.
The standard response from security pros is simple: get better at maintaining your software. Cars are connected to the wild and woolly internet now, so manufacturers need to get better at finding and patching bugs. Automatic updates mean cars have to be even more connected, so that a car company's security team can remotely patch security holes as quickly as attackers find them. Once you're plugged in, the logic goes, you have to plug in all the way.
Why connect cars to the internet at all?
But why connect cars to the internet at all? Why not give up your Wi-Fi hotspot in exchange for not having to worry about getting totaled by a software vulnerability? Maybe the risks of the connected car now outweigh the benefits. Why are we so committed to the connected car?
Unplugging feels like an unusual solution — the tech world isn't used to tactical retreats — but it makes more sense than you might think. In security theory terms, it's a question of attack surface. Every connectivity feature gives attackers one more place to break in. We've already seen attacks targeting vehicles’ Wi-Fi hotspots, Bluetooth controls, and even plain old remote key fobs. Security means protecting each of those avenues from attack, but it also means asking if each new attack surface is worth the tradeoff. Since most connectivity features come as an all-or-nothing set, that's a question consumers haven't been able to ask — but it's one automakers should be giving a lot of thought.
Those questions of attack surface have played out in the details of the hacks themselves. GM's Onstar system has specific limits, so when researchers compromised the system, they were able to unlock the car and start it, but they couldn't shift into drive or trigger the brakes, making the vulnerability much less dangerous than it might have been. But when researchers targeted Jeep's onboard modem, there were fewer internal divisions, and attackers were able to do anything from attacking the transmission to shutting off the car completely. If Jeep's telematics systems had been a little less embedded in the car's central functions, the hack would have been a lot less damaging.
Every connectivity feature gives attackers one more place to break in
But while the logic of security dictates fewer features, the logic of the auto industry demands more features every year. Given the choice between two nearly identical minivans, buyers are apt to choose the one that can be unlocked from an app on your phone or remotely started on a cold day. That leaves automakers with a strong bias to include more and more optional features. Tim Nixon, GM's CTO of connectivity features, says programs like Onstar are particularly important as the core functions of a car become increasingly similar from company to company. "Look at fuel economy, durability, styling — there's a lot more parity in the industry than there used to be," Nixon says. "So we see connectivity as a way to break away from that."
In the years to come, the demand for connectivity may grow even stronger. Many in the auto industry see a troubling gap between the constant evolution of tech platforms and the gradual decay of conventional cars. Your phone might grow more useful every year, as you install more apps and updates, but without connectivity, a car will never be better than the day you drive it off the lot. "That's really where the future is headed," says Nixon. "Customers' expectation of products and services is that they're going to improve over time, and cars shouldn't be any different." That means continuous software updates, app-store ecosystems, and an ever-increasing attack surface.
But while a thirst for more features is driving automakers forward, the security infrastructure hasn't been keeping pace. As Craig Smith, author of the Car Hacker's Handbook, points out, most automakers design a car to be supported for 15 years — but without an over-the-air patch system, it's hard to see how that can work for software. "There's no software package that didn't get a patch in 15 years, I don't care who you are," says Smith. The result isn't a full stop for the connected car, but it could mean a gentle pump of the brakes for companies that rushed in early. "I don't think it's something where we can't do it," Smith says. "Did we do it too early? That could be a valid statement."