WASHINGTON — It was a dramatic demonstration of a newfangled problem: Two hackers remotely took control of a Wired reporter’s Jeep Cherokee through its wireless technology and messed with everything from the air conditioning and music to the steering, brakes and transmission.
It’s pretty scary to think that someone could send you off the road and into a ditch (as happened to Wired’s Andy Greenberg (who volunteered for the test and wasn’t hurt), but Washington Post national technology reporter Craig Timberg says that’s not really the problem — at least not yet. Unless you’re the head of a multinational corporation, or a head of state, you don’t need to worry about that kind of attack right now, he told WTOP on Thursday morning.
Still, bad stuff is coming, he says.
“Cars are computers; computers are hackable, so sooner or later, I think bad things are going to start happening. It’s just a matter of when and where, and to whom.”
Cars have had computers for decades, but the advent of automotive wireless technology has opened up many more of what Timberg calls “attack surfaces” — opportunities for attackers to hack, such as entertainment systems, Bluetooth systems, tire pressure monitors and more.
But it’s also true that car companies are wising up, and security measures are in place that weren’t there on cars just a few years ago.
“Things are really moving in both directions at the same time,” Timberg says.
So is a hacker going to cause a 30-car pileup on the Capital Beltway anytime soon? Timberg says that kind of attack is doubtful: Cars have too many different kinds of software for that kind of massive hack to happen yet. He adds that there probably aren’t a lot of people who have both the motive and the technical skills to make it happen.
“I think the likeliest scenario is that we’ll see cars getting shut down,” similar to the computer hacks that result in users getting messages to send a certain amount of money to get their computers unlocked, Timberg says.
Car companies are working together to combat the hackers, but Timberg warns that companies “don’t really, really know how to secure them until bad things start happening.
“We saw that all throughout the ‘90s — security researchers were waving their arms, saying, ‘You’re got a real problem with the World Wide Web. This Internet thing is gonna be awesome, but it’s gonna cause a lot of insecurities.’ I think that’s where we are now. The day of car hacking is coming; it’s just not clear how far away it is yet.”