For connected cars, improved functionality means gaps in the armor

Every year, our cars inch closer to becoming rolling smartphones, and while we revel in the opportunity to link our devices, communicate with our circles, and update our preferences on the fly, the windows of opportunity for hackers grow with each advancement.

To showcase the vulnerabilities of the connected car, two security experts in Missouri recently took control of a Jeep Cherokee as it drove down the highway. You’ve heard of hackers commandeering door locks and sound systems before, but Chris Valasek and Charlie Miller were able to hijack the vehicle’s Uconnect infotainment system and manipulate the brakes, engine, and transmission with a couple of laptops in a living room.

The Uconnect experiment wasn’t the first time a car has been hacked, and it certainly won’t be the last, but perhaps more stringent regulations can cut down on incidents like these in the future.

The Security and Privacy in Your Car Act (SPY Car Act), a Senate bill recently proposed by Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), hopes to do just that, and we reached out to industry experts to get their take.

One authority we spoke to was Mahbubul Alam, the chief technology officer for Movimento Group. Movimento specializes in over-the-air software updates and connected cars, and the company’s latest offering can update any OBDII vehicle’s operating system wirelessly once the client has been installed. For Alam, keeping hackers out is all about redundancy.

“Security is a constant rate race,” he said. “You just have to be ahead of those hackers, that’s the race, and it’s a lifelong race.”

“Since [Movimento] can update all the ECUs, we are also monitoring those ECUs,” he continued. “The way that the ECUs work in a nutshell, there is an operational mode and there is a programming mode. If someone is trying to set the ECU into programming mode, and it is not authorized by the Movimento client or the cloud manager, we will block it and report it back. The car will continue to operate; there will not be any change. We can do that within 10 milliseconds, and the ECU typically takes longer than that [to react].”
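
The monitoring idea Alam describes can be sketched as a detector over a CAN bus log. This is an added example, not Movimento's code: it assumes the programming-mode request is the standard UDS (ISO 14229) DiagnosticSessionControl message in a single ISO-TP frame, and the log lines, `AUTHORIZED` allow-list and function names are constructed for illustration. It only reports; the in-vehicle blocking step is not shown.

```python
import re

# Assumption: ISO 14229 (UDS) requests carried as single ISO-TP frames on CAN.
UDS_SESSION_CONTROL = 0x10   # DiagnosticSessionControl service ID
PROGRAMMING_SESSION = 0x02   # programmingSession sub-function
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\w+)\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")

# Constructed sample in `candump -L` format: (timestamp) interface ID#DATA
SAMPLE_LOG = """\
(100.000000) can0 7E0#0210030000000000
(100.010000) can0 7E8#065003003201F400
(250.500000) can0 7E0#0210020000000000
(300.000000) can0 7E2#0210820000000000
(300.200000) can0 123#1002000000000000
(400.000000) can0 7E0#0210020000000000
(400.100000) can0 7E0#100A3601AABBCCDD
"""

# Hypothetical allow-list: (request CAN ID, window start, window end) approved by the update manager.
AUTHORIZED = [(0x7E0, 390.0, 450.0)]

def programming_requests(log_text):
    """Yield (timestamp, can_id) for every request to enter the programming session."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, can_id = float(m.group(1)), int(m.group(3), 16)
        data = bytes.fromhex(m.group(4))
        # First byte is the ISO-TP PCI: high nibble 0 = single frame, low nibble = payload length.
        if len(data) < 3 or data[0] >> 4 != 0 or (data[0] & 0x0F) < 2:
            continue  # multi-frame traffic and ordinary data that merely contains 10 02 is skipped
        sid, sub = data[1], data[2] & 0x7F  # mask the suppress-positive-response bit (0x80)
        if sid == UDS_SESSION_CONTROL and sub == PROGRAMMING_SESSION:
            yield ts, can_id

def unauthorized(log_text, authorized=AUTHORIZED):
    """Return programming-session requests that fall outside every approved window."""
    return [(ts, cid) for ts, cid in programming_requests(log_text)
            if not any(cid == a and start <= ts <= end for a, start, end in authorized)]

if __name__ == "__main__":
    for ts, cid in unauthorized(SAMPLE_LOG):
        print(f"ALERT t={ts:.3f}s id=0x{cid:03X}: unauthorized programming-session request")
```
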

While companies like Movimento pride themselves on their safeguarding abilities, it appears that mainstream automakers have fallen behind, as the technologies and talents of hackers have zeroed in on the weaknesses of the modern connected car. Legislators and pundits around the world are echoing Markey and Blumenthal’s concerns, but few are closer to the issue than the men who sent the Jeep Cherokee helplessly rolling to a stop.

“We feel that as cars become more connected, software security becomes more important,” Valasek and Miller said in a statement. “In addition to robust, well-tested software, technology for monitoring, logging, detecting, and possibly stopping attacks should also be implemented.”

Andrew Hard
Former Digital Trends Contributor