Chrysler Vehicle Hack’s Aftermarket Ramifications
In July, two veteran digital security experts hacked the Uconnect infotainment system on a Jeep Cherokee, a stunt that allowed the hackers to turn on and off the windshield wipers, adjust the stereo and air-conditioning, and, in the end, cut the transmission and brakes of the vehicle, leaving the Jeep—and its driver—in a ditch.
It wasn’t malicious; it was part of an arranged demonstration, documented in an article in WIRED magazine. The article’s writer, Andy Greenberg, was the driver. The hackers, Charlie Miller and Chris Valasek, carried out the hack to indirectly help automakers identify and fix security threats in their vehicles.
Still, the fallout was great.
Fiat Chrysler Automobiles (FCA) issued a recall of 1.4 million vehicles as a result of the research and released a “patch” for the vulnerable code, given to vehicle owners on a USB stick. Other automakers were thought to be vulnerable as well, according to a report issued by the National Highway Traffic Safety Administration (NHTSA).
Congress has stepped in, too. On the day of the article’s release, the Senate Commerce Committee held a hearing on the Internet of Things, a meeting in which a pair of senators announced legislation that would help the NHTSA and the Federal Trade Commission establish federal standards for vehicle data security.
And consumers? According to a survey from Kelley Blue Book, 72 percent are aware of the Jeep-hacking incident, and 78 percent believe vehicle hacking will be a significant problem in the future.
“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller, one of the hackers, says in the story. “This might be the kind of software bug most likely to kill someone.”
But let’s slow down a minute, says Donny Seyfer, chairman of the Automotive Service Association and one of the automotive aftermarket’s foremost experts in telematics technology. Seyfer, who co-owns a shop in Colorado, has worked with a number of organizations on telematics research in the past and has run the ASA’s Technology and Telematics Forum the last two years at the NACE/CARS Expo and Conference.
Seyfer says vehicle hacking (or, at least, the potential for it) is an aftermarket issue, and your shop needs to be part of the solution.
“Part of the message here is that not only are we seeing some of this but some of this stuff is getting a little bit overblown by the media,” Seyfer says. “Some people are getting a little carried away: ‘You’re getting hacked and you’re going to die.’ It might not be at that level, but it is a concern.
“What we can do is play the role of educator [to our customers], be a resource, and build that relationship as a trusted expert and the person to go to for questions and problems.”
CHRYSLER AND THE HACKING THREAT
The attack on the Jeep Cherokee was years in the making, a project to which Miller and Valasek devoted their full time and resources.
The vulnerability lay in Uconnect’s reliance on Sprint’s cellular network, something that Fiat Chrysler Automobiles says has been corrected. By their own research, the hackers estimated that nearly 471,000 vehicles on the road today could have been vulnerable to this attack or a similar one.
But the threat isn’t limited to FCA vehicles. From roughly a year’s worth of research and poring over vehicle schematics, Miller and Valasek said in the WIRED report that the 2015 Cadillac Escalade and 2014 Infiniti Q50 were nearly as vulnerable as the 2014 Grand Cherokee the demonstration was performed on.
Automakers have stated that they welcome the information, and are constantly working to improve their systems. The recent Kelley Blue Book study demonstrates that consumers are less than optimistic this will actually happen.
“Consumers are highly skeptical that a comprehensive solution to prevent vehicle hacking can ever be developed, though an overwhelming majority would be willing to pay for hack-proof vehicle security if it existed,” Karl Brauer, senior analyst of Kelley Blue Book, said in a statement.
WHAT YOU CAN DO
The majority of consumers are in the dark on these issues, Seyfer says, many feeling they don’t have an expert, unbiased source to turn to with questions and help.
That’s where your shop comes in.
“Just think of the patch that was sent out to [FCA vehicle owners],” he explains. “It’s on a USB drive and [the vehicle owner] has to figure out how to get it installed or bring it to a dealer. Why can’t you be the one they go to?”
That’s just one obvious example, Seyfer says, but the advice he’s giving is to become a valued resource for your customers. Mine your database, he says, and reach out to your customers about it. Let them know you can install the updates. Hold free meetings at your shop to relay critical information and educate them.
According to the Kelley Blue Book study, 47 percent of vehicle owners would go to a dealership “immediately” if they knew they had to install a security patch to protect their vehicles from possible hacking. So, Seyfer asks: Wouldn’t you rather they come to your shop?
“There’s an opportunity there to tell them that this is not only a simple software update, but also that things can happen in the future that can’t be anticipated,” he says. “The message is that it’s more important now than ever to stay in tune with your vehicle.
“Vehicles are not standalone entities anymore. When you shut them off, there’s still something going on in there—and when you’re driving it as well. The technology needs to be monitored and updated, and they need someone to guide them through it. Be that person.”