In July, two veteran digital security experts hacked the Uconnect infotainment system on a Jeep Cherokee, a stunt that allowed the hackers to turn on and off the windshield wipers, adjust the stereo and air-conditioning, and, in the end, cut the transmission and brakes of the vehicle, leaving the Jeep—and its driver—in a ditch.
It wasn’t malicious; it was part of an arranged demonstration, documented in an article in WIRED magazine. The article’s writer, Andy Greenberg, was the driver. The hackers, Charlie Miller and Chris Valasek, did so to indirectly help automakers identify and fix security threats in their vehicles.
Still, the fallout was great.
Fiat Chrysler Automobiles issued a recall of 1.4 million vehicles as a result of the research, and released a “patch” for the vulnerable code, given to vehicle owners in a USB stick. Other automakers were thought to be vulnerable as well, according to a report issued by the National Highway Traffic Safety Administration (NHTSA).
AWARENESS AND CONCERNS ABOUT VEHICLE HACKING72% said they are aware of the Jeep Cherokee hacking incident.41% said they will consider this vehicle hacking incident when buying/leasing their next car.78% said vehicle hacking will be a frequent problem in the next three years or less.33% classified vehicle hacking as a “serious” problem; 35 percent classified it as a “moderate” problem.58% do not think there will ever be a permanent solution to vehicle hacking.41% think pranking is the most common reason for hacking a vehicle; 37 percent think theft is the most common reason.
Congress has stepped in, too. On the day of the article’s release, the Senate Commerce Committee held a hearing on the Internet of Things, a meeting in which a pair of senators announced legislation that would help the NHTSA and the Federal Trade Commission establish federal standards for vehicle data security.
And consumers? According to a survey from Kelley Blue Book, 72 percent are aware of the Jeep-hacking incident, and 78 percent believe vehicle hacking will be a significant problem in the future.
“If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller, one of the hackers, says in the WIRED story. “This might be the kind of software bug most likely to kill someone.”
But let’s slow down a minute, says Donny Seyfer, chairman of the Automotive Service Association and one of the automotive aftermarket’s foremost experts in telematics technology. Seyfer has worked with a number of organizations on telematics research in the past and has run the ASA’s Technology and Telematics Forum the last two years at the NACE/ CARS Expo and Conference.
Seyfer says vehicle hacking (or, at least, the potential for it) is an aftermarket issue, and your collision shop needs to be part of the solution— not just the business that fixes a hacked, and crashed, vehicle.
“Part of the message here is that not only are we seeing some of this but some of this stuff is getting a little bit overblown by the media,” Seyfer says. “Some people are getting a little carried away: ‘You’re getting hacked and you’re going to die.’ It might not be at that level, but it is a concern.
“What we can do is play the role of educator [to our customers], be a resource, and build that relationship as a trusted expert and the person to go to for questions and problems.”
Chrysler and the Vehicle Hacking Threat
The attack on the Jeep Cherokee was years in the making—a project Miller and Valasek spent their complete time and resources investigating.
The vulnerability occurred in Uconnect’s reliance on Sprint’s cellular network, something that Fiat Chrysler Automobiles says has been corrected. By the hackers’ own research, they estimated that nearly 471,000 vehicles on the road could have been vulnerable to this attack.
But the threat isn’t limited to FCA vehicles. From roughly a year’s worth of research and poring over vehicle schematics, Miller and Valasek said in the WIRED report that the 2015 Cadillac Escalade and 2014 Infiniti Q50 were nearly as vulnerable as the 2014 Grand Cherokee the demonstration was performed on.
Automakers have stated that they welcome the information, and are constantly working to improve their systems. The Kelley Blue Book study demonstrates that consumers are less than optimistic this will happen.
“Consumers are highly skeptical that a comprehensive solution to prevent vehicle hacking can ever be developed, though an overwhelming majority would be willing to pay for hack-proof vehicle security if it existed,” says Karl Brauer, senior analyst of Kelley Blue Book.
What You Can Do
The majority of consumers are in the dark on these issues, Seyfer says, many feeling they don’t have an expert, unbiased source to turn to with questions and help.
That’s where your shop comes in.
Seyfer says one simple solution would be to create an information sheet, explaining the complexity of vehicles and what consumers’ cars are capable of—and the threats there are against them. The sheet could be handed out with estimates, and an estimator or customer service representative could go over it with each customer.
“You have less touchpoints with customers in collision, and it can be very difficult to build that kind of rapport,” Seyfer says. “This could be an advantageous way to reach out to them and show your expertise when they’re not necessarily expecting it.”
Seyfer says the ever-increasing technology in vehicles also shows the need for your shop to be able to handle all reprogramming issues that face your customers’ vehicles. Don’t outsource it.
And mine your database, he says, and reach out to your customers about it. Hold free meetings at your shop to relay critical information and educate them. Get in front of your customers, and become that resource for them.
“There’s an opportunity there to tell them that this is not only a simple software update, but also that things can happen in the future that can’t be anticipated,” he says. “The message is that it’s more important now than ever to stay in tune with your vehicle.
“Vehicles are not standalone entities anymore. When you shut them off, there’s still something going on in there—and when you’re driving it as well. The technology needs to be monitored and updated, and they need someone to guide them through it. Be that person.”