The call for carmakers to get serious on cyber security reaches a fever pitch in Las Vegas, as GM’s free 4G pilot gets off to a soaring start. Andrew Tolve reports.
In this week’s Brief: DEF CON, Black Hat USA, Charlie Miller, Chris Valasek, Jeep Cherokee, Infiniti, Cadillac, Dodge, Audi, Honda, SRLabs, I Am The Cavalry, GM, AT&T, CNET, Uber, Hertz, iTunes, Google Play and Dash.
Cyber security came to the fore as hackers, computer security experts, journalists, researchers and federal employees descended on Las Vegas for a pair of annual hacker conventions: DEF CON and Black Hat USA. The connected car proved part of the conversation at both, where hackers and researchers alike painted modern cars as computers on wheels rife with dozens of potential attack points for hackers.
Charlie Miller and Chris Valasek, the cyber security researchers who last year at DEF CON explained how hackers could launch dangerous attacks on cars (e.g. by manipulating the brakes of a moving Prius and Ford Escape), were back at it this year at both DEF CON and Black Hat. The two presented “A Survey of Remote Automotive Attack Surfaces,” which included a review of the 20 most hackable car models. Miller and Valasek drew up the list based on criteria like the total number of remote access technologies in a car that hackers could potentially exploit (Bluetooth, WiFi, etc.). The unlucky winners of “most hackable”: Chrysler’s 2014 Jeep Cherokee, Nissan’s 2014 Infiniti Q50 and General Motors’ 2015 Cadillac Escalade. The 2014 Dodge Viper, Audi A8 and Honda Accord were ranked as “least hackable.”
In another presentation at Black Hat, dubbed “BadUSB,” two researchers based out of SRLabs in Berlin discussed how USB keys are fundamentally vulnerable to hackers and malware, and noted that plenty of in-car connectivity offerings from both aftermarket suppliers and carmakers depend on USB solutions for data transfer. USB.org claims that USB keys can be buffered against attacks if manufacturers build in extra security, but the Berlin-based researchers said that was bonkers, arguing that any solution, in-car or not, that relies on USB is “critically flawed.”
I Am The Cavalry, another computer security research group, published an open letter at DEF CON exhorting every carmaker to step up and make cyber security a foremost priority. The letter celebrates the auto industry for stepping up to security challenges in the past but says that it’s been lackadaisical in responding to cyber threats.
“The once distinct worlds of automobiles and cyber security have collided,” the letter states. “In kind, now is the time for the automotive industry and the security community to connect and collaborate toward our common goals. When the technology we depend on affects public safety and human life, it commands our utmost attention and diligence.”
In other news, GM revealed that since starting to ship cars with AT&T 4G LTE radios embedded inside, 98% of customers have jumped at the offer of a three-month free trial. The real acid test will come once the three months are up and customers have to decide whether to pay $10/month or cut anchor. For now, though, Mary Chan, president of GM’s global connected consumer business, couldn’t be happier. “It’s a scary high acceptance rate for the trials,” she told CNET.
On the app front, ridesharing service Uber updated its Rider app to make it quicker and easier to enter a destination. The driver automatically sees what a user has entered at pick-up time, meaning you can skip the step where you tell the driver where you’re going. Uber also updated its Driver app with turn-by-turn navigation to the destination you’ve provided.
Rental car giant Hertz unveiled a companion app to its popular NeverLost in-car system, which illuminates points of interest for destinations around the U.S. and directions to those POIs via in-car navigation. The new mobile app, available for free on iTunes and Google Play, includes city guides and detailed walking and driving directions optimized for the smartphone layout — hi-res images and audio descriptions to preview locations and horizontal and vertical swiping to peruse destinations.
Finally, Dash — the popular OBD-II dongle-smartphone combo that feeds information to drivers about their fuel efficiency, vehicle diagnostics, and driving habits and rates their trips — debuted its app on the iPhone. The app launched earlier this year on Android. The dongle component of Dash is available from $10 and up on Amazon.
The Weekly Brief is a round-up of the week’s top telematics news, combining TU analysis with information from industry press releases.
Andrew Tolve is a regular TU contributor.