Car firms distance their cars from Jeep hack

Jeep hack shows all connected cars are vulnerable? Not so fast, say Audi and Mercedes-Benz

FCA hastily released a software update after two professional hackers showed Wired magazine they could use a laptop from their own homes to take over a 2014 Jeep Cherokee as a reporter drove the car.

FCA hastily released a software update after two professional hackers showed Wired magazine they could use a laptop from their own homes to take over a 2014 Jeep Cherokee as a reporter drove the car.

 

Security fears could put a dampener on future self-driving cars after hackers showed they could wirelessly take control of hundreds of thousands of US-built cars built by FCA, owners of the Fiat, Jeep and Chrysler car brands.

The United States Senate is even chewing over an automotive anti-hacking bill as FCA has scrambled to deliver a software update.

FCA hastily released a software update after two professional hackers showed Wired magazine they could use a laptop from their own homes to take over a 2014 Jeep Cherokee as a reporter drove the car.

The two hackers, Charlie Miller and Chris Valasek, allowed journalist Andy Greenburg to drive the Cherokee before remotely turning on the windscreen washers and wipers, cranking up the sound system, shutting off the engine on a highway, taking control of the steering wheel and disabling the brakes.

They notified FCA of the vulnerability in the Uconnect infotainment system in the US-built cars, and drew the car firm’s ire by planning to release part of the code at a security conference next month in Las Vegas.

Part of the reason for FCA’s anger is that its technology does not allow it to “push” updates to customer cars over the internet, so needs owners to visit a website or go to a dealer to download the security patch.

Yet both Audi and Mercedes-Benz say they remain unconcerned, insisting their security development is at a different level to the potentially impacted Chryslers, Dodges, Rams and Jeeps.

“Safety-critical systems get a lot of work from us,” Audi’s head of electronics Rick Hudi said, while Mercedes-Benz insisted there was no way their cars could be hacked from the outside.

The two German premium carmakers have insisted it’s not possible today to use the internet connectivity of their cars to hack into its control systems. Audi, pointedly, regularly uses professional hackers to test their electronics security work, Hudi admitted.

“When we think we are at the point where the concepts are right, we regularly pay people to hack them,” Hudi said over the weekend.

“We pay companies to take our cars away to hack them, before they get to production. We give them our cars and say ‘Take as long as you want but please try to attack it, in whatever way you can’.

“Basically we tell them they can use all ways available including straight vandalism to get access to control the car’s electronic systems. For what I can see, that’s the best way to improve security.

And, he admits, the hackers have shown Audi ways to defend its cars and driver in the past.

“We have learned from that how to increase the safety mechanisms. They gave us some valuable points which levels can be improved.

“Connectivity is a way of life, but the systems are not the same as the car’s systems. There is networking as one point and the other is how you do your modularity and scalability and safety functions across the system.”

While the Jeep hacking scandal has caused widespread public concern, it hasn’t slowed Mercedes-Benz’s push for autonomous and semi-autonomous driving, according to the company’s head of transmissions.

“There is no way you could hack a Mercedes-Benz from outside the car,” a senior Daimler engineering executive said.

“The only ways into the core systems are with a normal on-board diagnostic system from the dealership or workshop.

“You can’t really hack it. You have a control gateway and you have to go through that.

“Even when you have a remote start, there is a link there from the phone. Mercedes Me can open the doors of the car, but this is only for unlocking the doors, not starting the engine or driving away or disabling safety features.

“We have a server that every data stream has to go through and we work very hard on that security,” he said.

That hasn’t stopped two US Senators from introducing a bill to mandate minimum levels of security for cars that have any kind of internet connection.

The bill, which would ultimately affect all US-built cars exported to other markets, including those from Mercedes-Benz and BMW’s US plants, wants real-time monitoring of hacking threats and attempts on cars.

One of the drafting senators polled 16 carmakers on security policies earlier this year and found inconsistencies and vagueness on data collection from telematics, internet connectivity and security threats

Senator Edward Markey also wants to give drivers the ability to disable data collection for vehicle tracking and marketing reasons, and banning carmakers from cancelling navigation systems for drivers who opt out.

He also demands carmakers put stickers on cars to explain internet security measures in “clear and plain” language.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.