Security fears could put a dampener on future self-driving cars after hackers showed they could wirelessly take control of hundreds of thousands of US-built cars built by FCA, owners of the Fiat, Jeep and Chrysler car brands.
The United States Senate is even chewing over an automotive anti-hacking bill as FCA has scrambled to deliver a software update.
FCA hastily released a software update after two professional hackers showed Wired magazine they could use a laptop from their own homes to take over a 2014 Jeep Cherokee as a reporter drove the car.
The two hackers, Charlie Miller and Chris Valasek, allowed journalist Andy Greenburg to drive the Cherokee before remotely turning on the windscreen washers and wipers, cranking up the sound system, shutting off the engine on a highway, taking control of the steering wheel and disabling the brakes.
They notified FCA of the vulnerability in the Uconnect infotainment system in the US-built cars, and drew the car firm’s ire by planning to release part of the code at a security conference next month in Las Vegas.
Part of the reason for FCA’s anger is that its technology does not allow it to “push” updates to customer cars over the internet, so needs owners to visit a website or go to a dealer to download the security patch.
Yet both Audi and Mercedes-Benz say they remain unconcerned, insisting their security development is at a different level to the potentially impacted Chryslers, Dodges, Rams and Jeeps.
“Safety-critical systems get a lot of work from us,” Audi’s head of electronics Rick Hudi said, while Mercedes-Benz insisted there was no way their cars could be hacked from the outside.
The two German premium carmakers have insisted it’s not possible today to use the internet connectivity of their cars to hack into its control systems. Audi, pointedly, regularly uses professional hackers to test their electronics security work, Hudi admitted.
“When we think we are at the point where the concepts are right, we regularly pay people to hack them,” Hudi said over the weekend.
“We pay companies to take our cars away to hack them, before they get to production. We give them our cars and say ‘Take as long as you want but please try to attack it, in whatever way you can’.
“Basically we tell them they can use all ways available including straight vandalism to get access to control the car’s electronic systems. For what I can see, that’s the best way to improve security.
And, he admits, the hackers have shown Audi ways to defend its cars and driver in the past.
“We have learned from that how to increase the safety mechanisms. They gave us some valuable points which levels can be improved.
“Connectivity is a way of life, but the systems are not the same as the car’s systems. There is networking as one point and the other is how you do your modularity and scalability and safety functions across the system.”
While the Jeep hacking scandal has caused widespread public concern, it hasn’t slowed Mercedes-Benz’s push for autonomous and semi-autonomous driving, according to the company’s head of transmissions.
“There is no way you could hack a Mercedes-Benz from outside the car,” a senior Daimler engineering executive said.
“The only ways into the core systems are with a normal on-board diagnostic system from the dealership or workshop.
“You can’t really hack it. You have a control gateway and you have to go through that.
“Even when you have a remote start, there is a link there from the phone. Mercedes Me can open the doors of the car, but this is only for unlocking the doors, not starting the engine or driving away or disabling safety features.
“We have a server that every data stream has to go through and we work very hard on that security,” he said.
That hasn’t stopped two US Senators from introducing a bill to mandate minimum levels of security for cars that have any kind of internet connection.
The bill, which would ultimately affect all US-built cars exported to other markets, including those from Mercedes-Benz and BMW’s US plants, wants real-time monitoring of hacking threats and attempts on cars.
One of the drafting senators polled 16 carmakers on security policies earlier this year and found inconsistencies and vagueness on data collection from telematics, internet connectivity and security threats
Senator Edward Markey also wants to give drivers the ability to disable data collection for vehicle tracking and marketing reasons, and banning carmakers from cancelling navigation systems for drivers who opt out.
He also demands carmakers put stickers on cars to explain internet security measures in “clear and plain” language.