A report on Motoring.com.au shows how the general consensus among manufacturers, specifically Merdeces-Benz and Audi, are that the reason why that particular vulnerability remained open and exploitable was because of poor decisions.
Those decisions have resulted in the United States Senate mulling over the passing of a new automotive anti-hacking bill while Fiat Chrysler rushes to deliver a software patch to their vulnerable vehicles, which remains an uphill climb as their system does not allow over-the-air deployable updates.
This means hundreds of thousands of vehicles are still, theoretically, open to hackers who can take control of said cars remotely, even disabling it and steering it if they so choose. The two professional hackers were able to disable the transmission while a journalist was driving the car down the highway, bringing it coasting to a standstill.
The bill would require US-built cars that have any sort of internet connection to have a certain levels of security, which would affect European marques who operate US-based factories. It also mandates real-time monitoring of hacking attempts and a constantly up-to-date list of new threats – kind of like a pre-installed antivirus.
Back to Audi and Merdeces. The report says they insist that their implemented countermeasures ensure such vulnerabilities aren’t allowed to reach consumer vehicles. Furthermore, internet-connected components of the car are hardwired separately from other parts of the car, particularly the electronics that control the mechanicals.
Audi, in particular, pointed to its regular practice of using professional hackers to test the security levels of their electronics to make sure exactly what happened with that Jeep Cherokee could not happen one of their systems.
“We pay companies to take our cars away to hack them, before they get to production. We give them our cars and say ‘Take as long as you want but please try to attack it, in whatever way you can’, said an Audi executive.
Mercedes-Benz, meanwhile, are heavily invested in both autonomous and semi-autonomous driving technologies, a field where the consequences of a successful attack would be much worse. However, the Jeep hacking scandal has reportedly not deterred their efforts or resolve.
Speaking about their current in-car systems, a senior Daimler engineering executive said: “There is no way you could hack a Mercedes-Benz from outside the car. The only ways into the core systems are with a normal on-board diagnostic system from the dealership or workshop,”
“You can’t really hack it. You have a control gateway and you have to go through that.”