Avigael C. Fyman, Partner, Rivkin Radler
In a recently issued report, titled “Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off,” Consumer Watchdog, a nonprofit consumer advocacy organization, warned that millions of internet-connected cars already on the roadways may be dangerously vulnerable to hacking. While fully autonomous self-driving vehicles may be years away from widespread use, many of the top-selling models today have internet capabilities, including the ability to control your car using a smartphone app, voice assistant integration with Amazon’s Alexa and the ability to provide updates to the car’s software over the air.
Industry technologists and engineers have warned that many cars’ infotainment systems are connected to the internet through a cellular connection and are also connected to the vehicle’s critical systems, such as engines and brakes. This design could enable hackers to control a vehicle’s operations remotely over the internet, issuing commands from miles away.
While automakers have warned investors about the risks of a hacking incident, they have not, Consumer Watchdog cautioned, taken sufficient steps to protect against those risks. Notably, automakers make use of open-source software platforms, such as Linux and Android, and rely on “bug bounties” or “white hat” hackers who are paid to discover vulnerabilities. Relying on this type of testing to discover software vulnerabilities often circumvents any public disclosure, as hackers who are paid to discover vulnerabilities are often required to keep the details of their discoveries secret. While this is obviously intended to prevent anyone else from trying to exploit vulnerabilities before they are fixed, this secrecy has the added effect of keeping information regarding potential dangers out of the hands of the public and regulators.
The report raises significant concerns about automakers’ intent to use over-the-air updates to correct software problems in vehicle systems. Over-the-air (OTA) updates, which require vehicles to be remotely accessible and which can be transmitted en masse to an entire fleet of vehicles, can disrupt vehicle systems, either unintentionally or maliciously. Some problems have already occurred with OTA updates. In February 2018, a Chrysler OTA update caused some vehicle’s infotainment and other systems to be unusable, including rear-view cameras, heat, radio and navigation, while a September 2018 Tesla OTA update likewise rendered the autopilot feature on certain vehicles unusable. The fact that OTA updates can be made by automakers without monitoring by the National Highway Traffic Safety Administration likewise raises concerns that software systems may be updated without proper attention to safety.
The report discusses several potential mechanisms whereby an entire fleet of vehicles could be simultaneously hacked by malicious actors, including a direct attack over the cellular network from a laptop computer, a vehicle-to-vehicle worm, a “home base” attack on a manufacturer’s servers that can spread malware through an OTA update, use of a WiFi hotspot to spread malware, a hack of the software somewhere within a vehicle manufacturer’s supply chain, a third-party app that could be downloaded to a vehicle’s computer or a mobile device-to-vehicle attack that is transferred when a user’s phone is paired with a car. The report notes that a large-scale hack by a malevolent actor that, for example, disables brakes and airbags during the rush hour commute, could lead to thousands of deaths.
The report’s most significant recommendation is that vehicles be engineered with an “air gap” – ensuring that there is no electronic connection between the internet-connected components and the safety-critical components. With an air gap system, manufacturers would not be able to update vehicle software using OTA technology; while this is a disadvantage, Consumer Watchdog argues that this would incentivize manufacturers to engineer software more carefully in the first instance.
As such technology may take several years to develop, the report recommends that in the meantime all vehicles be removed from the cellular network, or else that manufacturers add a “kill switch” that allows every driver to disconnect their vehicle from the internet.
It remains to be seen whether concerns over the issues raised by the Consumer Watchdog report will lead legislators, regulators or the insurance industry to pump the brakes on internet connected cars. In any event, importing the Silicon Valley ethos of “move fast and break things” to the automotive industry should be tempered by appropriate attention to safety.