Skip to main content

Lawmakers, Citing Old Technology, Claim Concern Over Hacking

Four Republican lawmakers, citing concern over vehicle hacking, have asked the National Highway Traffic Safety Administration to launch a major effort to thwart potential auto hacking threats.
Posted: September 14, 2016 - 6:57PM
Author: Marc Stern

A quartet of Republican congressmen, apparently feeling a threat no one else is perceiving, has begun pressuring the National Highway Traffic Safety Administration (NHTSA) to launch a major effort to thwart vehicle computer hacking. The four, citing a Wired magazine article from July 2015, sent a letter to the agency requesting the effort.

The request comes more than a year after the magazine Wired published the work of a pair of white-hat hacker/researchers who showed they could take over a 2014 Jeep Grand Cherokee, causing its systems – lights, horn, power brakes, transmission, power windows and the like – to turn on and off. The report in the magazine, by the way, was written by an author who was cooperating with the researchers.

DARPA Research Grant

The researchers, Charlie Miller and Chris Valasek, purchased the Grand Cherokee with grant funds from the Defense Department’s DARPA program. The grant was awarded to further their research into the automotive hacking and its prevention. Miller and Valasek, who used a weakness in Fiat Chrysler Automobiles’ Uconnect software, to exploit the Jeep’s Car Area Network (CAN), worked closely with Fiat Chrysler, sharing their work. Fiat Chrysler did patch the system. The only issue was installation of the patch which required a physical connection to the Jeep such as the USB port.

Now, more than a year after the pair of white hat hacker/researchers, conducted their exploit, the quartet of House members has become concerned. That a pair of senators, Sen. Ed Markey, D-Mass., and Robert Blumenthal, D-Conn., has already introduced similar legislation seems to have escaped the GOP lawmakers. That the House members, in their letter to the agency, quoted as gospel the fact that the hack came through the diagnostic port shows the lawmakers have not kept up with their technology. Miller and Valasek used an older cellphone – not even a smartphone – and a MacBook to connect to the Internet and conducted their exploit miles away from the Jeep.

The lawmakers expressed concerns to the safety agency that the researchers were able to force the Jeep Grand Cherokee, a Fiat Chrysler-manufactured vehicle, to perform in an “erratic and unsafe manner.” The author of the letter, Rep. Fred Upton, R-Mich., chairs the House Energy and Commerce Committee. His message, co-signed by three other Republican lawmakers, said the diagnostics port “as it currently exists creates a growing risk to the safety and security of passengers.” The diagnostic outlet is also known as the OBD-II port.

NHTSA Plans Cybersecurity Guidelines

While NHTSA didn’t immediately comment on the letter, the safety agency has announced plans, working with other federal agencies, such as the Federal Bureau of Investigation, to release automotive cybersecurity guidelines soon. The level of general concern is such that late last week, the Justice Department announced the formation of a threat analysis team to study any potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools, such as Uconnect.

There have been no reported cases of vehicle hacking, at this moment.