NHTSA Updating Guidance for Connected Cars, Cybersecurity
Despite having a formal mission objective to “save lives, prevent injuries, and reduce vehicle-related crashes,” the National Highway Traffic Safety Administration (NHTSA) has been shifting some of its focus toward automotive connectivity over the last few years. In fact, the agency has recently updated its guidance for vehicle cybersecurity – which was originally penned in 2016.
While this raises questions about the true role of the NHTSA, most government regulators have been flexing their muscles as new automotive technologies lacking clearly defined directives become increasingly commonplace. Besides, the safety agency has at least managed to tie its cybersecurity guidance (which is currently voluntary) to hacking concerns that could affect how the affected car behaves and how that might translate into physical harm for those on the road.
Report: Connected Cars Already Know Everything About You
Vehicular privacy is one of those things we never thought we’d have to gripe about but, as automotive connectivity becomes the norm, it’s become one of the most nagging issues in the industry.
Taking a cue from tech giants like Google, Facebook, and pretty much every other website you’ve ever connected to, automakers have begun leveraging customer data on a massive scale. Always-on internet connections exacerbated this problem (feature?), but it’s extremely difficult to tell exactly what kind of information is being shot up into the cloud before ending up at a manufacturer’s data center.
While we’ve seen cars hacked for the purpose of assessing how they’d stand up to malicious entities bent on wreaking havoc, few have attempted to decode the surplus of information emitted by your vehicle. We know this because people would probably be pretty upset to learn of the pathetic level of anonymity currently afforded to them. Despite spending tens of thousands of dollars on a new vehicle, privacy is rarely considered standard equipment.
Hackers Do the Dirty to Another Tesla Model 3
It’s Elon Musk’s birthday today, so we’ve decided to wish him well and say congratulations on Tesla Motors convincing the U.S. Commerce Department to waive the 10 percent tariff on imported aluminum so it can build more battery cells at the company’s Nevada Gigafactory. However, what would birthday well-wishing be without the all-important pinch to grow an inch?
Another Model 3 has been hacked, this time without the manufacturer’s blessing. We’re equating it to a mild goosing. Regulus Cyber, a company specializing in digital security, decided to give the Tesla (and a Model S) a shakedown by seeing if they could fool the car’s navigational equipment and upset/confuse Autopilot to the point of failure.
Let’s see how they did.
Hackers Digitally Invade Tesla Model 3, Winning One
Computer experts successfully broke a Tesla Model 3 at the “Pwn2Own” hacking event held recently in Vancouver. However, Tesla Motors isn’t biting its nails over someone finding vulnerabilities in its system, as it was privy to the plan. The automaker has operated a “bug bounty program” for the past 4 years, rewarding anyone who can pull it off — going so far as saying it wouldn’t void a vehicle’s warranty if a customer successfully hacked it in “good faith.” It even offered a maximum reward of $15,000 (USD) last year.
Meanwhile, the group that managed to break the Model 3 in Canada this month received more than a sack of cash from the automaker.
Safety Group to Senate: Clue in to the 'Baseless and Exaggerated Predictions' Swirling Around Autonomous Vehicles
Last year, the National Highway Traffic Safety Administration embraced autonomous technology by redefining how it categorized cars. Spurred by automakers and tech companies, the government has opened its eyes to this new technology and seen it as a way to potentially save lives by reducing the number of roadway accidents caused by human error.
Congress has been confronted with numerous pieces of legislation on the matter, too — prospective laws that would allow automakers to put hundreds of thousands of autonomous vehicles on the street, without the need to adhere to existing safety regulations. Many have called the move necessary if the United States hopes to be the first country to produce a truly self-driving car and start saving some lives.
It sounds almost too good to be true, and some claim it actually is. A group of public interest organizations is attempting to sound the bullshit alarm, claiming automakers are misleading government officials in the hopes of developing and profiting from unproven technology.
Uber Paid Hackers to Delete the Stolen Data of 57 Million People
In the midst of Uber Technologies’ corporate restructuring and cultivation of a squeaky-clean new image, the ride-hailing company was apparently hiding a dark secret. Striving for transparency, the company has now confessed that hackers stole the personal information of 57 million customers and drivers in October of 2016.
The coverup, apparently conducted by the firm’s chief security officer and another staff member, involved over $100,000 in payments to the hackers in the hopes to keep them quiet. The data lost included names, email addresses, and phone numbers of around 50 million Uber riders across the globe. Another 7 million drivers were also subjected to the digital attack, with over half a million of those losing their driver’s license numbers.
You Read It Here First: The Biggest Challenge to Autonomous Vehicles Is All Too Human
A bit more than six years ago, I wrote “The Blockers” for this site as a work of fiction, suggesting that there may be a bit of a popular revolt against self-driving vehicles and that it might be led by those who felt personally dehumanized as a consequence of “progress.”
Now, the nice people at MIT Technology Review have caught up to your humble author’s dystopian point of view.
The CIA Allegedly Considered Connected Cars as 'Potential Mission Areas' for Hacking
Automakers are hurriedly trying to implement connected vehicle technology and autonomous solutions to entice consumers, though there remains an underlying phobia among the general public that isn’t without a basis in reality. Cyber security is considered essential to the evolution of self-driving cars and plays an equally important role in the vehicles of today that offer enhanced connectivity.
Since modern automobiles rely so heavily on computers, there’s a plethora of elements that hackers could target. However, these hackers don’t necessarily need to operate outside of the law.
Embedded in a WikiLeaks analysis of documents allegedly acquired from the Central Intelligence Agency is an apparent interest in hacking automobiles. The most terrifying takeaway from those files? The claim that the CIA could theoretically use the systems in modern passenger vehicles to conduct “nearly undetectable assassinations.”
How Safe Are Cars From Hackers?
It’s an issue that the computer and Internet technology industry has been fighting for years: Hackers trying to gain access to your PC or the network of a major corporation with nefarious intentions such as extracting ransom from users after seizing data.
However, as vehicles become more laden with technology and increasingly connected to the Internet, could they also become targets?
Two leading security experts believe that your car, which is for the most part unsecured against hacking, will attract the attention of criminals in the not too distant future.
100 Million Volkswagen Group Vehicles Can Be Unlocked With a Cheap Hacking Device
Two decades’ worth of Volkswagen Group vehicles are vulnerable to a simple, cheap hack that can unlock their doors.
A research paper released this week (first reported by Wired) describes how multiple Volkswagen, Audi, Seat and Skoda models built since 1995 can be unlocked using a handmade radio that copies key fob signals.
Hackers Burrow Into a Jeep Again - Will FCA Give Them $1,500?
The same two guys who brought you last year’s remote hacking of a Jeep Cherokee on a Missouri highway (and resulting 1.4 million vehicle recall) are at it again.
This time, Charlie Miller and Chris Valasek entered the same Cherokee’s electronic brain, bypassing security software to gain control over key driving functions, according to Wired.
Houston Jeep and Ram Thieves Aren't Hackers: FCA
Jeep and Ram vehicles are being snatched out of driveways in Houston, but the thieves aren’t hacking their way to a free ride, according to the automaker’s U.S. head of security architecture.
A rash of thefts over the past few months in the Houston area had owners of Jeep and Ram vehicles scratching their heads until a garage surveillance video posted by police showed two men making off with a Wrangler. One of the men appears to use a laptop to start up the vehicle, raising fears that tech-minded thieves have developed a program to override security features and commandeer certain vehicles.
Fiat Chrysler Automobiles is working with the Houston Police Department on the case, but claims the video is misleading.
This Is How Volkswagen's Diesel Emissions Cheat Works, According to ECU Hacker (Video)
Volkswagen’s emissions cheating program closely follows a set of parameters that are very similar to those defined by the New European Driving Cycle (NEDC), an engineer said this week.
The cheat exists in the ECU’s “main mode,” said Felix Domke, and triggers a normal dosage of urea and other exhaust controls to bring NOx emissions to within acceptable levels.
Domke presented his findings of an unpacked Volkswagen ECU to the 32nd Chaos Communication Congress in Germany.
His findings are mostly in line with what the automaker has already admitted: its 11 million cars worldwide cheated emissions tests by using two different modes for operation, and that its cars could pollute up to 40 times the legal limit of nitrogen oxides when running normally.
But Domke, who said he owns a Volkswagen Sharan equipped with a 2-liter diesel engine, said his own observations showed a severe change in the ECU’s behavior when it exceeded the bounds of what it considered was an emissions test — more than what’s been reported so far.
NHTSA Chief: VW's Cheating Hurts 'Public Confidence' in Industry
Speaking at an event in suburban Detroit, National Highway Traffic Safety Administration chief Mark Rosekind said Volkswagen’s admission that they lied about emissions in their diesel cars erodes confidence in automakers.
“They tell you one thing, you question it,” Rosekind said to reporters, according to Automotive News. “You just have to question every assumption when information is provided.”
Recent scandals including VW, hackable cars and airbag defects erode consumer confidence and that more must be done by automakers before cars go on sale, he said.
“Accountability in leadership is literally at the top of the list, and we’ve just got to be out front, acting, talking and doing everything we can to demonstrate that it should be in their genes,” Rosekind said, according to Automotive News.
Tracking Stolen Police Cars
An alert from one of the local news stations popped up on my screen last week asking readers to be on the lookout for a stolen unmarked police cruiser. My first instinct was to warn family and friends that an impersonator was out on the loose. Once I got the word out, I started analyzing the situation and thinking about vehicle tracking. I wondered why the local police department did not equip their cruisers with some sort of GPS tracking device which could have allowed them to locate the vehicle quickly without putting the public at risk. I have some experience with GPS tracking in a couple of different fields and decided to do some research on patrol car GPS devices.