Two well-known former car hackers who were hired by GM’s Cruise Automation have a simple solution for bolstering security in the age of car connectivity: ditch as much technology as you can afford to.
“If you don’t need something, take it out,” Cruise Automation Principal AV Security Architect Chris Valasek said at a presentation at the Black Hat USA security conference last week. The fewer connections there are to a vehicle’s core computer hardware, he and his colleague Charlie Miller posit, the fewer the potential avenues of attack.
In autonomous vehicles, they say, this means that automakers can forget about Bluetooth, as occupants won’t need hands-free calling anyway. The radio, too, can be omitted as a majority of consumers will opt to listen to their phones, and sophisticated, integrated infotainment systems can be replaced by pared-down tablets isolated from the core systems in the car.
This is all rather common sense, yet as automakers have gradually begun to offer more connectivity features in automobiles, those features generally haven’t been made appropriately isolated from the vehicles’ core functions. Valasek and Miller rose to prominence in 2015 after hacking a Jeep Cherokee by reprogramming its control software using the internet, and their hack could have been configured to spread to other Cherokees on the road. News of the hack ended up leading to the recall of some 1.4 million Fiat Chrysler products, including certain Jeep Cherokee and Grand Cherokees, Dodge Challengers, Chrysler 200s, and Ram pickup and chassis cab trucks.
(Source: Yahoo! Finance)