Skip to main content

For connected cars, improved functionality means gaps in the armor

Tesla Model S interior
Image used with permission by copyright holder
Every year, our cars inch closer to becoming rolling smartphones, and while we revel in the opportunity to link our devices, communicate with our circles, and update our preferences on the fly, the windows of opportunity for hackers grow with each advancement.

To showcase the vulnerabilities of the connected car, two security experts in Missouri recently took control of a Jeep Cherokee as it drove down the highway. You’ve heard of hackers commandeering door locks and sound systems before, but Chris Valasek and Charlie Miller were able to hijack the vehicle’s Unconnect infotainment system and manipulate the brakes, engine, and transmission with a couple laptops in a living room.

Recommended Videos

The Uconnect experiment wasn’t the first time a car has been hacked, and it certainly won’t be the last, but perhaps more stringent regulations can cut down on incidents like these in the future.

Please enable Javascript to view this content

The Security and Privacy in Your Car Act (SPY Car Act), a Senate bill recently proposed by Senators Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.), hopes to do just that, and we reached out to industry experts to get their take.

One authority we spoke to was Mahbubul Alam, the chief technology officer for Movimento Group. Movimento specializes in over-the-air software updates and connected cars, and the company’s latest offering can update any OBDII vehicle’s operating system wirelessly once the client has been installed. For Alam, keeping hackers out is all about redundancy.

“Security is a constant rate race,” he said. “You just have to be ahead of those hackers, that’s the race, and it’s a lifelong race.”

“Since [Movimento] can update all the ECUs, we are also monitoring those ECUs,” he continued. “The way that the ECUs work in a nutshell, there is an operational mode and there is a programming mode. If someone is trying to set the ECU into programming mode, and it is not authorized by the Movimento client or the cloud manager, we will block it and report it back. The car will continue to operate there will not be any change. We can do that within 10 milliseconds, and the ECU typically takes longer than that [to react].”

While companies like Movimento pride themselves on their safeguarding abilities, it appears that mainstream automakers have fallen behind, as the technologies and talents of hackers have zeroed in on the weaknesses of the modern connected car. Legislators and pundits around the world are echoing Markey and Blumenthal’s concerns, but few are closer to the issue than the men who sent the Jeep Cherokee helplessly rolling to a stop.

“We feel that as cars become more connected, software security becomes more important,” Valasek and Miller said in a statement. “In addition to robust, well-tested software, technology for monitoring, logging, detecting, and possibly stopping attacks should also be implemented.”

Andrew Hard
Former Digital Trends Contributor
Andrew first started writing in middle school and hasn't put the pen down since. Whether it's technology, music, sports, or…
Global EV sales expected to rise 30% in 2025, S&P Global says
ev sales up 30 percent 2025 byd sealion 7 1stbanner l

While trade wars, tariffs, and wavering subsidies are very much in the cards for the auto industry in 2025, global sales of electric vehicles (EVs) are still expected to rise substantially next year, according to S&P Global Mobility.

"2025 is shaping up to be ultra-challenging for the auto industry, as key regional demand factors limit demand potential and the new U.S. administration adds fresh uncertainty from day one," says Colin Couchman, executive director of global light vehicle forecasting for S&P Global Mobility.

Read more
Location data for 800,000 cars exposed online for months
VW logo.

A data leak led to around 800,000 Volkswagen (VW) electric vehicles (EVs) having their location exposed online for several months, according to a report by German news magazine Der Spiegel.

The global incident impacted owners of EVs from VW, Audi, Seat, and Skoda, with real-time location showing for the affected vehicles, whether they were at home, driving along the street, or, in the words of Der Spiegel, parked “in front of the brothel.”

Read more
Faraday Future could unveil lowest-priced EV yet at CES 2025
Faraday Future FF 91

Given existing tariffs and what’s in store from the Trump administration, you’d be forgiven for thinking the global race toward lower electric vehicle (EV) prices will not reach U.S. shores in 2025.

After all, Chinese manufacturers, who sell the least expensive EVs globally, have shelved plans to enter the U.S. market after 100% tariffs were imposed on China-made EVs in September.

Read more