A 14-year-old boy may have forever changed the way the auto industry views cyber security.
He was part of a group of high-school and college students that joined professional engineers, policy-makers and white-hat security experts for a five-day camp last July that addressed car-hacking threats…
With some help from the assembled experts, he was supposed to attempt a remote infiltration of a car, a process that some of the nation’s top security experts say can take weeks or months of intricate planning. The student, though, eschewed any guidance. One night, he went to Radio Shack, spent $14 on parts and stayed up late into the night building his own circuit board.
The next morning, he used his homemade device to hack into the car of a major automaker. Camp leaders and automaker representatives were dumbfounded. “They said, ‘There’s no way he should be able to do that,'” Brown said Tuesday, recounting the previously undisclosed incident at a seminar on the industry’s readiness to handle cyber threats. “It was mind-blowing.”
Windshield wipers turned on and off. Doors locked and unlocked. The remote start feature engaged. The student even got the car’s lights to flash on and off, set to the beat from songs on his iPhone. Though they wouldn’t divulge the student’s name or the brand of the affected car, representatives from both Delphi and Battelle, the nonprofit that ran the CyberAuto Challenge event, confirmed the details…
“It was a pivot moment,” said Dr. Anuja Sonalker, lead scientist and program manager at Battelle. “For the automakers participating, they realized, ‘Huh, the barrier to entry was far lower than we thought.’ You don’t have to be an engineer. You can be a kid with $14.”
She described the breach as more of a nuisance attack, and emphasized that, in this case, no critical safety functions, like steering, braking or acceleration, were compromised. But the incident underscored just how vulnerable cars have become.
None of this is geek news. Nor is is there any surprise to this display of auto industry leaders’ ignorance of the vulnerability of their tech, the sophisticated toolkits of hardware and software available to even kid-level hackers.
European manufacturers experienced something similar a few years back and revised their engineering designs to match reality. Some more successfully than others, some less so. Why American corporate leaders didn’t pay attention and learn speaks to how parochial, insular, most Americans are. Another part of that corporate [and political] personality is native to imperial populations. If you have the most power you think you must also know best how to do anything.
In fact, reality, especially when much of your culture is well past its peak, contradicts that belief.