Demonstrating that it is possible to hack into a vehicle and take over the control is frightening. Many drivers will ask themselves “can such a horrible thing happen with my car?” As usual, the European car industry from Audi to Volkswagen remits on its high safety standards, without however disclosing too many details. Also the two US hackers did not exactly explain how they achieved their hack.
However, we remember that they made public some time ago a similar orchestration: The same duo, Chris Vasalek and Charlie Miller, hacked into vehicles via the OBD-II diagnostic interface. Their approach however presupposes that the hacker has physical access to the car. To put it bluntly, this is as if one would have to steal a car first, before being able to manipulate it. Not a very convincing approach, in my opinion. Even their current hack to the Jeep so far has not been documented towards real professional experts. We therefore do not know how realistic the threat is and which tampering with the vehicle may have been necessary to stage their show. What we suspect is that the two master hackers certainly are also master of self-promotion.
Nevertheless, their wake-up call was right and on time. It is not unlikely that vehicle connectivity will likely bring forth more such headlines in the future unless the vehicle industry does establish the toughest security standards available in the IT industry without however reinventing the wheel. And these measures should be documented and published. Security through obscurity is a proven dysfunctional approach. EE Times Europe has reported early on such subjects and will continue to do so – sound and without sensationalism.
Connected car: Where security threats meet new business opportunities