The vehicle, driven by a reporter covering the hack, wound up in a ditch. The day the story broke, Fiat Chrysler recalled 1.4 million vehicles, all of which require a software update through a physical connection – either a USB stick or dealership OBD-II equipment.
Another connected car take-over by the U.S. Defense Advanced Research Projects Agency (DARPA), demonstrated on an episode of 60 Minutes, led to a scathing US Senate report issued by Senator Edward J. Markey (D-Mass) last February. Based on surveys sent to major automakers, Markey’s study found that, while automakers had fully embraced car connectivity, they had not fully addressed the security or privacy issues raised by these vehicles.
Markey and fellow Senator Richard Blumenthal (D-Conn) jointly introduced legislation called the “Security and Privacy in Your Car Act” (SPY Car Act) on the same day the Jeep hack was announced. This bill would require the US National Highway Traffic Safety Agency (NHTSA) and Federal Trade Commission (FTC) to establish Federal standards for vehicles that protect driver safety and privacy.
You don’t have to be DARPA
It turns out you do not need lots of smart engineers and a limitless budget like DARPA to hack the connected car. Last summer, a 14-year-old student stunned auto executives by hacking a connected car with only a couple of days training, $15 in Radio Shack components, and a soldering iron at the Batelle AutoCyber Challenge.
While the kid’s hack did not penetrate the car’s drivetrain, it was still an impressive demonstration not only of young talent but also how far connected car systems have to go to catch up with the technological sophistication of the systems with which they interface – and the threats those systems expose.