Doubts about a draft anti car hacking law

Pierluigi Paganini May 01, 2016

Doubts about a couple of draft anti car hacking laws, they could create serious problems with innocent drivers and cyber security experts.

Car hacking is a scaring reality, modern vehicles use a huge quantity of connected components that could be easily compromised knowing the communication protocol used by principal vendors.

The interest in car hacking gained a high profile last summer when the popular hackers Miller and Valasek hackers remotely hacked a Jeep Cherokee SUV on a St. Louis highway on behalf of the Wired magazine. The hackers exploited security vulnerabilities in the wireless vehicle systems that automakers hope eventually will allow vehicles to communicate with each other.

The car vendor recalled 1.4 million vehicles for a software upgrade after the security duo disclosed the results of their experiment.

jeep cherokee remote-hacking

Two state senators in Michigan, Mike Kowall (R-White Lake) and Ken Horn (R-Frankenmuth), have proposed a law framework (SENATE BILL No. 927, SENATE BILL No. 928) that addresses car hacking with laws that promise life imprisonment for hackers.

Ironically also security researchers that investigate car hacking techniques stand outlaw.

The two draft bills state that anyone who repeatedly attempts to “intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorized control of the motor vehicle,” is committing a crime and risks the jail.

“I hope that we never have to use it,” said Kowall. “That’s why the penalties are what they are. The potential for severe injury and death are pretty high.”

Charlie Miller expressed his doubts about the new law and highlighted the problems it would cause to the security community.

The law forbids any manipulation of car firmware, even by the car owners.

There is no doubt about the necessity to carefully address cyber security issues in the automotive industry, but let me hope that in the future the experts from the cyber security industry will work together to approach the technical aspects of a law framework that will cover the car hacking.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – car hacking, connected cars)



you might also like

leave a comment