Smart technologies in modern cars could make them vulnerable to hackers, a video purports to show.
In a YouTube posting by Wired, a standard 2014 Jeep is hacked by a pair who compromise the cellular connectivity of the vehicle.
“It hasn’t been altered in any way; there are no devices attached to it, but like many thousands of Jeeps, it can be remotely hacked over the Internet,” says Wired senior writer Andy Greenberg in the video.
The hackers, Charlie Miller and Chris Valasek, appear to have no direct connection to the vehicle except the mobile network. In the demonstration they are able to show they can take control of the sound system, air conditioning, brakes and even steering.
Greenberg experiences some anxiety in the video when Miller and Valasek show that they are able to shut down the engine while he is driving on the highway with no immediate area to pull off.
The issue of security on smart cars could have serious repercussions for manufacturers in South Africa.
While the concept of fault under South African law has to be established for civil claims such as an accident, the legal framework will have some difficulty with smart technology.
“In the scenario of a hacker causing a driver’s brakes to fail, that driver would have to show that he was not at fault. In other words, the accident could not be attributed to him because part of the car (the brakes) failed to work due to an outside influence (hackers), which was beyond his control,” specialist technology attorney Russel Luck said.
However, the driver has to prove that a crash was the result of a hack, Luck added.
“The challenge for the driver would be to prove interference by the hacker which caused the brakes to fail. This becomes a question of fact whether the driver is able to prove in a court of law that their brakes were tampered with by a third party.”
For a smart car manufacturer, the law throws up issues of liability if it can be shown that a security system was inadequate.
“For example, if a security system relied on password protected keypads, but the software on those keypads was defective causing any number combination to be recognised as the password, the manufacturer would be liable for recourse,” said Luck. — Fin24