My pal Dave has a beautiful home with a large pool behind it. The pool has an artificial waterfall that he can turn on and off via his iPhone. He can also monitor the pool’s temperature and several other features.
Dave and his wife each drive a recent-vintage BMW, and both cars have 50-100 microprocessors in the main computer controlling fuel flow, tire pressure, steering, braking and dozens of other functions.
The pool, the cars and a whole lot of other devices in their home are the beginning of what’s called the Internet of Things. These are the billions of devices linked wirelessly to the Internet and capable of communicating with each other. At some point, the Internet of Things will control essentially every device you own, from your toaster to your car.
And there’s the rub. Forget about machines taking over the world. The cynics among us have no problem imagining a future that’s more like a really annoying Rube Goldberg world where you have to get permission from your television and refrigerator before using the bathroom. But you can’t hear what the refrigerator is telling you because it’s drowned out by the noise of the rotors of the mini-drones shining neon ads at you while they deliver the groceries, mail and more.
Of course, where communication is possible, miscommunication will happen. As always, Murphy’s Law governs: Whatever can go wrong, will go wrong.
Now, take that to the next level. Every year, cars are more elaborately equipped with GPS, infotainment systems that connect to the Internet and much more. Many already communicate wirelessly with dealers, service centers and emergency road services. Companies such as Google and Apple are building autonomous cars that will take passengers, no longer drivers, wherever they want to go.
Because the computers that run cars can communicate over the Internet, unauthorized third parties, many with malicious intent, can communicate with them, hack into their software and take control.
At some point, the Internet of Things will control essentially every device you own, from your toaster to your car. (AP Photo)
It’s not that vehicle software is so new; computers have been built into cars for roughly three decades. They have to be programmed to run the fuel injection, monitor the brakes and do the thousands of other tasks manufacturers require of them.
But software can be manipulated. Volkswagen’s admission that it changed cars’ software to cheat on emissions tests is only one small part of the picture. The biggest danger to car owners is from hackers, be they Chinese government cyberwarriors or some guy in pajamas in his mama’s basement, who can seize control of computers operating our cars.
In July, Wired magazine detailed a test in which third-party hackers, using a wireless connection to a car’s computers, took over a Jeep Cherokee. They turned on the air conditioning and the radio, shut off the engine and shut down its brakes. They eventually cut off operation of its transmission. The same month, hackers invaded GM’s OnStar system to locate, open and start cars.
Criminals and governments have a potential bonanza of opportunities for mischief. Personal information stored on a cell phone can be stolen through a vehicle’s Bluetooth connection. More seriously, the car’s controls can be seized by computer carjackers and crashed.
Think about how easy it would be for hackers to blackmail a car company. “We have 10,000 of your cars under our control. Pay us a billion dollars or we’ll wreck them and cause thousands of people to be injured or die.” If that hasn’t happened yet, it will soon.
The biggest danger to car owners is from hackers, be they Chinese government cyberwarriors or some guy in pajamas in his mama’s basement. (AP Photo)
The hackers who took over the Jeep and used OnStar to locate, open and start cars aren’t the only people trying to hack into your car’s computers. Several government agencies, including the Defense Advanced Research Projects Agency, are believed to be testing ways to do the same thing.
DARPA is also reportedly researching unhackable software, and not just for cars but for combat aircraft as well. The Lockheed Martin F-35’s computers, which reportedly contain more than 5 million lines of code, are predictable targets for enemy hackers. But as DARPA knows better than we, there’s no such thing as unhackable software, just as there are no unbreakable codes. What one man can invent another can penetrate.
Roger Lanctot is the go-to expert on the security of automobile computer systems. He is the associate director of the global automotive practice at the firm Strategy Analytics and an industry leader in the analysis of the problems and benefits of connected cars.
Lanctot told the Washington Examiner that carmakers and aftermarket feature vendors have incorporated microprocessors to control car functions for decades. He said that “chipping” engines was originally designed to enhance performance, but the technology has taken great leaps in a short time. Infotainment systems brought the concept of high-speed computer processors into cars.
What’s changed is the emergence of advanced driver-assist systems, Lanctot said. After achieving more OnStar-like connectivities to mobile phones, the carmakers’ addition of automatic driver-assist systems like automatic parking “is sending a different kind of message that we’re putting control of the brakes and the accelerator [and steering] into a computing device in the car,” he said.
According to Lanctot, at least a dozen initiatives provide some sort of protection against the hackers, but not a great deal of progress has been made. He said the protections are “largely not in place,” although several carmakers are now providing a basic level of security. How serious is the vulnerability? Right now, Lanctot said, “It’s a nightmare.”
Roger Lanctot told the Washington Examiner that carmakers and aftermarket feature vendors have incorporated microprocessors to control car functions for decades. (AP Photo)
And while that is going on, many of the premier car manufacturers have already decided their cars will have modems to monitor vehicle functions. The goal is to provide their cars’ computers with monitoring and scanning capabilities similar to the McAfee and Norton Utilities anti-hacking software that protect home computers. However, they face some serious obstacles that are preventing an industry-wide standard from being established.
First is the fact that carmakers use a variety of software operating systems. Some use an Android-like Microsoft Windows system, while others use a variety of commercial systems or even their own proprietary software. Worse still, some use a combination of operating systems in the same vehicle.
The second big obstacle is cost. It will be expensive to implement real-time monitoring and scanning systems like we see in home computers. The automakers are trying to figure out how the expense will be absorbed by consumers, dealers and the manufacturers themselves.
Another expert interviewed by the Examiner, who preferred not to be identified, said the answer is in the approach taken by aircraft manufacturers. He said that a sort of software firewall should be devised so the car’s main driving functions — steering, power and transmission — are separated from those that are reachable by Internet connection.
And yet, the problem with firewalls is the same as that of trying to devise unhackable software: No firewall can be developed that is impossible to breach.
This second expert said the firewall can be physical, but adding redundant systems will be expensive in cost and extra weight.
He also said that when mechanical engineers try to design software, they’re interested only in the functionality of the part of the system with which they’re dealing. That means they often design software that with each problem solved can bring systemwide problems that otherwise didn’t exist.
The problem with firewalls is the same as that of trying to devise unhackable software: No firewall can be developed that is impossible to breach. (AP Photo)
According to one newspaper report, every new car sold today is running about twice the computer code as all of Facebook. But when one part of the software is changed, it causes a ripple effect that can set software designers back for months or more.
For cars, the same result is likely to happen, especially when you have a variety of engineering approaches to the many control functions of a car.
Lanctot believes that eventually all cars will have to be connected to their manufacturers by the Internet. The second expert believes connectivity should be barred for the main control functions of the car and that a hard-wire connection should be used instead.
From all of this, several conclusions emerge. First, automakers are going to continue increasing the connectivity of cars to meet consumer and market demand. That’s especially true as cars become cell phones with wheels, importing map data, music, telephonic connections and other data that consumers have come to expect.
Second, while there is now no adequate protection of vehicle systems from hackers, increasing pressure on carmakers will cause many to adopt short-term fixes that may or may not prove sufficient.
And third, the computer hacking community will become more active, taking control of cars, capturing drivers’ personal information and committing a variety of serious criminal acts in the process.
Automakers will have to devise solutions to these problems. Those solutions will not be cheap.This article appears in the Oct. 5 edition of the Washington Examiner magazine.
This article appears in the Oct. 5 version of the Washington Examiner magazine.
Jed Babbin was the former U.S. undersecretary of defense in the first Bush administration. He is currently a senior fellow with the London Center for Policy Research.
