Hacking has suddenly become a big concern on the car business. Hackers showed a Wired reporter how they could take control of a Jeep, and now another hacker has revealed how to gain access to a Tesla Model S. Hackers have revealed a vulnerability in General Motors’ OnStar system. Where will it end?
It will never end. The arms race is officially on. The hacks that have occurred were undertaken by benevolent hackers who in some cases have been working with the automakers to refine security, reveal flaws, and develop patches.
But it’s possible that more malevolent hackers will enter the game. In fact, they may start out as bad hackers who want to go straight — and see the auto industry as a source of funding. And of course hacking a major automaker’s technology is terrific promotion for a hacker or team of hackers ahead of big cybersecurity gatherings, such as the Def Con conference being held now in Las Vegas.
The car makers have varying degrees of vulnerability. And of all of them, Tesla on paper looks like the most vulnerable of all. Elon Musk’s company has redefined the state of the art when it comes to integrating technology with the automobile. Tesla announces software updates in the same way that Apple rolls out improvements to iOS for the iPhone. And then Tesla enables owners to upgrade their vehicles’ operating systems wirelessly, over-the-air (OTA).
This practice so impressed Consumer Reports that the publication named the Model S its top automotive pick for two consecutive years. The vehicle was essentially the same. But the software updates redesigned the car, making it feel like a new model.
Traditionally automakers have in the past been fairly secretive about the software that governs vehicle and infotainment systems. So secretive in fact that I was shocked when I learned that the Jeep hack was possible because hackers were able to wirelessly access a shared software hub. I didn’t think that automakers had decided, on even a limited basis, to merge these software “silos.”
Automakers have been secretive because they don’t want anyone to plug in and hack their cars (via “hard” access ports). They want to control when and how software is updated. For them, there’s value in this process, not least because outdated technology can encourage an owner to start shopping for a new car.
Tesla, by contrast, is ahead of the curve on a wireless future. According to Wired’s Kim Zetter, Tesla developed its software systems with idea that they could someday be compromised. The existence of a cyber-threat was baked into Tesla’s thinking.
Tesla has been building cars for only about 10 years, whereas Jeep’s parent, Chrysler, has been around since the automobile was still competing for attention with the horse. Tesla is in this respect like a young person who has grown up with the internet and the mobile web — and unlike an old fogey who idea of security when it comes to cars is rolling up the windows, locking the doors, and hoping for the best.
A tech company at heart
There’s another major advantage that Tesla has over its traditionally competitors: the tech world reveres the company. It’s no secret that a lot of successful Silicon Valley types are Tesla customers. Tesla executives and Tesla engineers, on the hardware and software side, are more likely to understand cyberthreats because they’re closer to the tech world. Executives in Detroit are far away. Companies such as Ford are working to rectify this issues, by establishing research centres in Silicon Valley.
But Motown’s expertise remains bolting cars together. As we’re learning from some potential production delays to Tesla’s Model X SUV, and from the herky jerky rollout of the Model S several years ago, Tesla’s hasn’t yet nailed down the bolting-together part. But it’s on the leading edge when it comes to wireless innovation in the space.
Street cred won’t protect Tesla from cyber criminals who see it as the Holy Grail of hacks. And as Tesla matures, the high-tech side of its story will logically give way to the car making side. It doesn’t matter how awesome your OTA updates are if you can’t delivery the hardware platforms, i.e. cars, that support the software. But if anyone can either stay one step ahead of cyber threats or respond rapidly to hacks with quick, OTA patches, it’s Tesla.
A new threat
The auto industry has never really confronted a threat like the hacker attacks that have recently dominated the news. Rigging a car to do malicious things — the “cutting the brake lines” of the spy movies — has always been a direct, mechanical process. When technology has failed, or has been alleged to have failed, it’s involved systems that the manufacturers have maintained, such as the electronic throttle controls that were the focus of the Toyota unintended acceleration recalls of the 2010-11 period.
These systems predated the wireless revolution, however. “Drive by wire” has been around for 20 years. Wireless connectivity in cars hasn’t.
In the traditional industry, the reaction to hacks hasn’t been to hide from reality, but nor has it been to embrace the Brave New World. Chrysler knew about the Jeep flaw for a year and half before the media reported on the hack.
Tesla is significantly more transparent. Because software a big part of its narrative, it routinely and enthusiastically informs customers, the media, and the investment community about new features and upgrades. And when something goes awry, it comes up with a fix as soon as possible and broadcasts the improvement.
At base, although they have changed considerably in the digital age, the traditional automakers remain “closed source” about their technology. Tesla DNA has been shaped in exactly the opposite direction. It wants to hackers to expose flaws. It sees great value in an open-source approach. And it doesn’t appear to care about closely holding its intellectual property: Tesla gave away all its patents in 2014, to encourage innovation in the startup electric-car realm.
As the hacking wars come to define the auto industry in the next 10 years, Tesla will already have the perfect defence and be prepared to win. You don’t exactly join the hackers, but you don’t try to beat them, either. You keep your friends close, but your enemies closer — and you don’t always treat the enemy like they will never be an ally.