By on April 29, 2016

lawsuit

Hoping to access and remotely take charge of a vehicle’s operating system via your laptop? Expect to shower with strange men in a place where the Wi-Fi sucks.

Life behind bars is the penalty proposed by two Michigan senators seeking to regulate the state’s connected and autonomous vehicle industry, Automotive News reports.

The bills introduced yesterday make it a super-duper felony to intentionally access a vehicle’s electronic system for the purpose of damaging it or gaining control of the vehicle.

As a demonstration, two computer experts did just that to a Jeep Cherokee travelling on a St. Louis highway last summer, leading to the recall of 1.4 million Fiat-Chrysler vehicles equipped with the hack-prone Uconnect system.

It’s expected that more bills will follow yesterday’s Senate Bill 927 and 928, as lawmakers generally lean towards comprehensive regulation of an emerging industry, rather than piecemeal legislation.

Senators Mike Kowall (R) and Ken Horn (R) claim the legislation is proactive, with Kowall saying he hopes the legislation, if passed, is never used.

“That’s why the penalties are what they are,” he said. “The potential for severe injury and death are pretty high.”

The hackers behind the Cherokee stunt were able to control the Jeep’s steering and braking systems, as well as its transmission.

Infotainment and GPS systems are the keyholes that hackers use to enter and access a vehicle’s primary functions. FCA installed a patch on its software during last year’s recall, but some companies are now developing a beefier vehicle firewall.

The two Michigan bills were sent to the Senate judiciary committee, so there’s little time left for the state’s hackers to get their kicks. After that, it’s back to the well-paying job, community work and recurrent carnal relations they’re best known for.

[Image: SalFalco/Flickr (CC BY-SA 2.0)]

Get the latest TTAC e-Newsletter!

Recommended

10 Comments on “Life in Prison for Car Hacking? Michigan Takes the First Steps...”


  • avatar
    twotone

    Will those rules and penalties apply to the police, FBI, CIA, NSA, KGB, etc. who hack into cars? If so, then I’m OK with it.

    • 0 avatar
      yamahog

      You know it won’t be. Those hacking laws – that attorneys use to lock up script kiddies like the ones who scrapped scientific journals or got a list of AT&T customers who used ipads – are applied judiciously against regular people but law enforcement officers that use surveillance tools to spy on their love interests aren’t even given a slap on the wrist.

      In my state, something like 30 police officers in a single department were caught misusing the system and only one of them got any consequences – he lost two days of vacation.

  • avatar
    dougjp

    Good bill, hope it goes through and then is used to convict criminals.

  • avatar

    So what happens when the owner attempts to access their vehicle’s OS for gaining control of the vehicle? It’s hard to tell from the article if there’s exceptions for that–I’d assume there must be.

  • avatar
    tonycd

    How much you wanna bet that like most legislators who are all gung-ho to dish out enormous jail terms, these guys are taking cash from the for-profit prison industry?

  • avatar
    mike1dog

    “After that, it’s back to the well-paying job, community work and recurrent carnal relations they’re best known for.” Well, what else are state senators to do?

  • avatar
    ellomdian

    Knee-jerk reactionary legislation (especially with mandatory minimums!) has worked out so well for us in the past – the War on Drugs in the 80’s, War on Crime in the 90’s, and War on Freedom in the 00’s had no fallout, unintentional or not.

    Pretty sure we already have great laws to cover Criminal Negligence, Assault, Attempted Murder, and a smattering of fraud statutes that could cover this without most judges even blinking. But yeah, go ahead and create a new class of crimes because The Public is scared.

  • avatar
    Baldpeak

    Well gee whiz, aren’t murder, reckless homicide, reckless endangerment and computer hacking already illegal? Oh right, but they can’t use those crimes to terrify anyone who even thinks about modifying their car.

  • avatar
    karonetwentyc

    Allow me to state up front that I have only skimmed the text of the proposed acts in question; my understanding of them is likely not what could exactly be referred to as ‘comprehensive’. With that out of the way:

    I am wondering how Michigan’s lawmakers are going to reconcile the provisions of these proposed acts with the existing ones at a Federal level in the Digital Millennium Copyright Act which permit reverse engineering (including circumvention of encryption, encoding, and other methods of protection) for the purposes of security research.

    Note that I am not stating an opposition to third-party research into automotive control systems: I’ll put my bias out in the open and state that I am entirely in favour of it. But it does appear as though Michigan’s proposed laws run afoul of at least a couple of DMCA provisions which could ultimately put this law into contention with existing Federal ones.

    If anything, the onus should be on the manufacturers to design inherently more-secure control systems which have been reviewed by third-party auditors and testers prior to placing them in production vehicles. Given both the potential for risk to human life and property as well as the liabilities involved with not doing so, one would think that if for no other reason than due diligence manufacturers would require this to be a mandatory part of their software development processes.

    It would be interesting to know who (if anyone) is backing these pieces of legislation beyond the Senators involved. They appear to be a handy way to – in Michigan, at least – criminalise exposing automobile manufacturers’ shortcomings in securing their in-the-marketplace vehicle control systems while simultaneously silencing publication of the efforts of that research.

    • 0 avatar
      WildcatMatt

      “It would be interesting to know who (if anyone) is backing these pieces of legislation beyond the Senators involved. They appear to be a handy way to – in Michigan, at least – criminalise exposing automobile manufacturers’ shortcomings in securing their in-the-marketplace vehicle control systems while simultaneously silencing publication of the efforts of that research.”

      Given all the other legislation around in nearby states that makes it illegal to take photos or videos at factory farms (in order to suppress discovery or publicity of potential cruelty to animals), this smells like the real reason to me.

Read all comments

Back to TopLeave a Reply

You must be logged in to post a comment.

Recent Comments

  • dal20402: Nope. I’d rather have the ones in the compact class rather than these. All of the mass-market entries...
  • How_Embarrassing_4You: Crazy, know at least 5 people who have owned(and then bought newer years) first year Ecoboost...
  • nrd515: After hearing about the problems friends had with their Ecoboost F150’s, I wouldn’t touch one...
  • jack4x: There actually is a recall open for the LED headlight trucks being too bright on low beam. The running lights...
  • baggins: I dont know if the Hyundai Venue is a tweener, but at the recent SF auto show, my 16 year-old son, a 60 year...

New Car Research

Get a Free Dealer Quote

Staff

  • Contributors

  • Timothy Cain, Canada
  • Matthew Guy, Canada
  • Ronnie Schreiber, United States
  • Bozi Tatarevic, United States
  • Chris Tonn, United States
  • Corey Lewis, United States
  • Mark Baruth, United States