An occasional column by Gabe Nelson, Automotive News' D.C. correspondent, analyzing the auto industry's relationship with Washington.
Car hacking: Remote possibility, looming fear
WASHINGTON -- In a world in which hackers track computer keystrokes to steal credit card numbers and the government snoops on phone calls and e-mails, it's not so hard to imagine a laptop-wielding bad guy remotely wresting control of a car and wreaking havoc.
Car hacking has become a staple of Hollywood action movies, such as this year's Fast & Furious 6, in which the villains take over cars' electronics in order to crash them. It is also becoming an obsession on Capitol Hill, even though there has never been a documented case of a car being maliciously hacked in the real world.
That kind of spotlight from Congress and the media could prod the industry to take the threat of hacking more seriously, but it could just as well terrify the public before the industry has a chance to do much about it.
That would be bad news for automakers, which over the next few years want to create a unified mobile communications network, a so-called Internet of cars, to help prevent crashes and deliver a host of new in-vehicle services.
For automakers, the heat is on. Just last week, U.S. Sen. Ed Markey, D-Mass., sent letters to the chiefs of 20 major auto brands, asking dozens of questions about how they plan to protect cars against breaches once large numbers of Wi-Fi-enabled vehicles start talking to one another and connecting to online services, as computers do.
"As vehicles become more integrated with wireless technology," Markey wrote in his seven-page letter, "there are more avenues through which a hacker could introduce malicious code and more avenues through which a driver's basic right to privacy could be compromised."
"As vehicles become more integrated with wireless technology, there are more avenues through which a hacker could introduce malicious code and more avenues through which a driver's basic right to privacy could be compromised." U.S. Sen. Ed Markey in a letter to auto brand chiefs
Hacking cars is certainly possible. One video released this year by Forbes magazine shows two researchers, Charlie Miller and Chris Valasek, jerking the steering wheel and honking the horn of a Toyota Prius as a helpless Forbes correspondent tries to drive it.
For this, the researchers hooked up a laptop to the car's central computer and used it to commandeer the instrument panel and certain mechanical functions. More than 1 million people have watched the video on YouTube.
Other researchers have shown they can intercept the wireless signals used in tire pressure monitoring systems. And this summer, researchers at England's University of Birmingham delayed the release of a paper showing the anti-theft systems used in Volkswagen Group vehicles were vulnerable. Volkswagen had sued to stop them.
While the risk of a car being hacked may be tiny compared with the risk of a crash or theft, it draws a disproportionate share of public attention in an era of electronic surveillance by the government and cyberattacks from around the globe.
That's understandable. Crashes and thefts are old and well-understood risks. They rarely dominate the news (unless a movie star was involved).
Car hacking, on the other hand, is a new and unfamiliar risk. And the discomfort surrounding it is growing fast. Automakers and regulators say they are hard at work on the issues raised by Markey and other privacy advocates; the engineering group SAE International and the U.S. Council for Automotive Research have formed committees on cybersecurity.
Automakers and the Pentagon are also convening "hackathons" in which benevolent hackers are asked to detect potential security vulnerabilities in cars.
But in the quest to create an Internet of cars, the challenge will be as much psychological as it is technical. The hardest part may be putting to rest people's fears that their cars could be hijacked and turned against them, or that some faraway miscreant could take control of a minivan full of children and send it plummeting off a bridge.
So long as that specter remains in the public imagination, automakers will have to keep fielding questions from Washington.
You can reach Gabe Nelson at email@example.com.