What if driving your car exposed you to the tender mercies of online criminals the same way that using a credit card at Target last fall or trusting personal information to a Heartbleed-compromised site did?
You may already be exposed
Last year, security researchers Charlie Miller and Chris Valasek showed, using some late-model cars, that a laptop aboard a speeding vehicle could be used to steer it off the road. This week, Miller and Valasek released a follow-up study of some cars' exposure to remote attacks over the Internet that lists the models they found most and least hackable. (If you own a 2014 Dodge Viper, Audi A8, or Honda Accord, congratulations!) [Photo credit: Miller & Valasek]
More features = More risk
As more and more cars are connected to the Internet and embellished with new features, such as adaptive cruise control and parking assist that rely on software and embedded computing devices, the risk of a remote hacker killing or maiming drivers and passengers will only grow.
Have such lethal incidents occurred yet? Probably not, given the technical difficulty of pulling off such a feat. But the truth is that we don't really know. According to a group led by computer security experts, new high-tech cars lack the capability, akin to an aircraft's "black box," to gather the data needed to document and investigate such acts.
That group, a grassroots organization called I am the Cavalry, found the car industry so lacking in attention to computer security that it just published an open letter to the industry's CEOs asking them to work with computer security researchers to improve the security of new cars now -- before a disaster occurs that harms drivers, passengers, or pedestrians.
The automotive industry has often resisted calls for safety improvements, dating back at least to the publication in 1965 of Ralph Nader's Unsafe at Any Speed. In the years after that book's publication, despite that resistance, car safety in the U.S. was improved (including the requirement of seat belts in all cars starting in 1968), after which Americans' rate of auto deaths began an unprecedented decline that continues to this day.
What you can do
Want to tell the car industry to do the right thing and work with security professionals to make high-tech cars safer for you and your family? Click on and sign the above petition at Change.org posted by I am The Cavalry -- and tell your friends to do the same.
Better security is about more than just cars
Computer security is arising as a problem that can endanger you and your family for a variety of products besides cars. New gadgets for the home (e.g. Internet-connected security systems and door locks), medical devices, and our public infrastructure are all becoming more dependent on software and Internet connectivity in a society-wide development known as the Internet of Things. I'll be covering many more of the consumer safety issues raised by the technology in cars and the Internet of Things at my blog, StateoftheNet.Net.
I am The Cavalry, which is seeking nonprofit status, plans to help improve safety in all industries where the rapid adoption of technology affects public safety and human life. In the video below that I shot at a press event at this year's DEFCON conference in Las Vegas, the organization's founders, security researchers Josh Corman and Nick Percoco, explain how they have learned to adapt a popular hacking technique called fuzzing to influence manufacturers and policymakers by what they call "fuzzing the chain of influence:"