en_ca

The VICE Channels

    If the FBI Is So Worried About Car Hacking, Why Is It Fighting Encryption?

    Written by

    Daniel Oberhaus

    Contributor

    It’s a beautiful Saturday afternoon and you find yourself in your car, bound for the supermarket. As you approach a stoplight you lightly apply pressure to the brakes, but your vehicle doesn’t slow down. Slightly more panicked now, you push the brake to the floorboard. Still nothing. Your panic reaches a fury pitch as you find yourself coasting headlong into the intersection and oncoming traffic. As the airbag explodes in your face, you can’t help but wonder how this happened—you just had the brakes checked last week.

    While this may sound like the thing of nightmares, it is a scenario that is liable to become a reality as evermore automobiles come online in the burgeoning Internet of Things (IoT). And according to its latest PSA, the FBI wants you to be prepared for the possibility of this Ballardian apocalypse.

    Although the IoT and its supply-side equivalent, Industry 4.0, hold the promise of revolutionizing everything from the way we work to the way we masticate, so far these smart, internet-connected objects have proven to be remarkably vulnerable to security breaches. In this case, internet connected automobiles (which are quickly becoming the norm among new models) are no exception.

    As the FBI announcement pointed out, a groundbreaking research paper published last August demonstrated the feasibility of remotely hacking and taking control of an automobile. The researchers involved in the project were able to do everything from disabling the vehicle’s brakes at low speeds to changing the radio station without ever being in the car or altering its factory settings.

    The vehicle used in the study was a 2014 Jeep Cherokee and the researchers successfully demonstrated that they could remotely exploit the vehicle using its user-enabled WiFi settings from up to 100 feet away. Yet by using the vehicle’s cellular carrier, the researchers were able to manipulate certain vehicular functions from anywhere within the cellular network.

    The research resulted in the recall of well over 1 million vulnerable vehicles in order to fix these vulnerabilities. Although Cherokee owners are no longer at risk of being victimized by the hacks the researchers were using to manipulate the vehicle, as the FBI’s latest PSA points out, vehicular cybersecurity is becoming an increasing concern for the agency and American motorists.

    To this end, the National Highway Traffic Safety Administration, which is responsible for regulating motor safety standards, has launched an initiative to specifically address the threats to vehicular cybersecurity. The FBI also included a number of its own safety recommendations to promote motorist safety, such as regularly checking for software updates for your car, avoiding unauthorized software modifications, and using discretion when connecting third-party devices to your car.

    Of course, strong encryption of the type the FBI has been working against in its quest to stop criminal investigations from "going dark" is precisely what is needed to prevent this type of attack.