The Central Paradox of The Internet Of Things: Connected Means Less Secure

In a widely reported stunt this summer, two hackers — Charlie Miller and Chris Valasek — were able to control the air-conditioning, radio, and windshield wipers of a Jeep Cherokee being driven by Wired’s Andy Greenberg. And after fooling with those more-or-less peripheral capabilities, the hacker duo cut the transmission, and the car crawled to a stop on a highway on-ramp, scaring the author half to death and establishing the insecurity of wired and smart automobiles.

And this trickery was accomplished wirelessly, reaching through the Fiat Chrysler Uconnect system, which can enable anyone who knows a car’s IP address to patch through the car’s entertainment system to the adjacent chip in the car’s head unit. The car’s internal computer network — the CAN bus — was used to rewrite the firmware in the car, and the exploit seems to work with any Chrysler vehicle with Uconnect from late 2013, 2014, and early 2015.

While the hackers have only tried the truly devastating hacks — shutting down the brakes or transmission — on Jeeps only, they believe that any vehicle could be attacked in a similar fashion.

It’s been estimated that there will be 50 billion devices connected to the Internet by 2025: a dizzying array of traffic lights, smartwatches, office lighting systems, home appliances, medical equipment, and automobiles. Miller and Valasek have shared the details of their exploit with Chrysler, and we can hope that they — and the manufacturers of other cars — begin to increase the security of the systems before someone winds up crashing into a bridge stanchion at the hands of a more malevolent hacker. To date, the only solution seems to require a patch from Chrysler, and has to be introduced to the car by a mechanic or through a USB stick. This means that few — if any — of the affected cars on the roads are going to be patched.

Security expert Cesar Cerrudo — in an exploit out of the script of a Die Hard movie — has reported his success in hacking into municipal traffic light systems, which — like Miller and Valasek’s exlpoit — relies on being able to tap into an unprotected network that links traffic lights. He could, he says, override signals and turn all the lights red, and shut down carefully calibrated traffic patterns. In 2006, Los Angeles traffic engineers hacked traffic lights at four intersections during a labor strike, which demonstrates that committed parties — activists or terrorists — could disrupt major cities with relative ease.

Part of the problem in this case is that the traffic networks rely on unencrypted communications — which makes things easier for engineers working on the system — but which leaves them open to hackery.

But the challenge for automobile security may not be the openness of the systems, paradoxically, but the secrecy surrounding car software: the manufacturers restrict access to the millions of lines of software running on cars these days, effectively blocking researchers from being able to understand how the systems work.

The recent scandal at Volkswagen may become the poster child for automotive software complexity and secrecy concealing the nefarious intentions of the car manufacturer. The company created a so-called ‘defeat device’ to conceal significantly higher levels of nitrogen oxide emissions than permitted: as much as 40 times higher. This was concealed in the software on the Volkswagen automobiles, which was written so that during testing the cars performed within legal tolerances, while on the highway the cars had improbable performance: the now totally suspect ‘clean diesel’ performance envelope.

Because manufacturers limit access to their code, it can’t be examined or analyzed easily. And in some cases, where courts have demanded access, the code is so complex or bug-ridden that it may be impossible to determine exactly what the coders actually intended. In one such case, experts who examined the source code of Toyota’s electronic throttling system found that it did not meet the company’s own standards for programming and protocols. It was ‘spaghetti’ one expert said. And that code led to Jean Bookout crashing her 2005 Camry into an embankment in Oklahoma, killing her passenger, Barbara Schwartz, after the car accelerated unexpectedly.

Checking all the code in all the cars in the world may be an impossible task. Modern high end automobiles have tens of millions of lines of code in them. And compounded by the exploding Internet of things — traffic systems, medical devices, intelligent appliances, and drones — universal code inspection is unfeasible. However, many eyes might help discover intent of the sort concealed in Volkswagen source code, if the millions of VW owners had access to it. And there may be a growing need for artificial intelligence to accomplish this, over and above the crowdsourcing approach. One thing is certain: in a world growing dependent on the functioning of billions of connected devices, we need to be able to simultaneously lock them down and open them up.