 |
Shwetak N. Patel looked over the 2013 Mercedes C300 and saw not a sporty all-wheel-drive sedan, but a bundle of technology.
There were the obvious features, like a roadside assistance service that communicates to a satellite. But Dr. Patel, a computer science professor at the University of Washington in Seattle, flipped up the hood to show the real brains of the operation: the engine control unit, a computer attached to the side of the motor that governs performance, fuel efficiency and emissions.
To most car owners, this is an impregnable black box. But to Dr. Patel, it is the entry point for the modern car tinkerer — the gateway to the code.
“If you look at all the code in this car,” Dr. Patel said, “it’s easily as much as a smartphone if not more.”
New high-end cars are among the most sophisticated machines on the planet, containing 100 million or more lines of code. Compare that with about 60 million lines of code in all of Facebook or 50 million in the Large Hadron Collider.
“Cars these days are reaching biological levels of complexity,” said Chris Gerdes, a professor of mechanical engineering at Stanford University.
The sophistication of new cars brings numerous benefits — forward-collision warning systems and automatic emergency braking that keep drivers safer are just two examples. But with new technology comes new risks — and new opportunities for malevolence.
The unfolding scandal at Volkswagen — in which 11 million vehicles were outfitted with software that gave false emissions results — showed how a carmaker could take advantage of complex systems to flout regulations.
Carmakers and consumers are also at risk. Dr. Patel has worked with security researchers who have shown it is possible to disable a car’s brakes with an infected MP3 file inserted into a car’s CD player. A hacking demonstration by security researchers exposed how vulnerable new Jeep Cherokees can be. A series of software-related recalls has raised safety concerns and cost automakers millions of dollars.
Cars have become “sealed-hood entities with complicated computers and modules,” said Eben Moglen, a Columbia University law professor and technologist. “All of this is deeply nontransparent. And all of this is grounds for cheating of all sorts.”
The increasing reliance on code raises questions about how these hybrids of digital and mechanical engineering are being regulated. Even officials at the National Highway Traffic Safety Administration acknowledge that the agency doesn’t have the capacity to scrutinize the millions of lines of code that now control automobiles.
One option for making auto software safer is to open it to public scrutiny. While this might sound counterintuitive, some experts say that if automakers were forced to open up their source code, many interested people — including coding experts and academics — could search for bugs and vulnerabilities. Automakers, not surprisingly, have resisted this idea.
“There’s no requirement that anyone except the car companies looks at the code,” says Philip Koopman, an associate professor at the department of electrical and computer engineering at Carnegie Mellon University. “Computers can now exert almost complete control over your car. But if that software misbehaves, there’s nothing you can do.”
Fear of Hacking
Andy Greenberg steered a 2014 white Jeep Cherokee down a highway in St. Louis, cruising along at 70 miles per hour. Miles away, two local hackers, Charlie Miller and Chris Valasek, sat on a leather couch at Mr. Miller’s house, laptops open, ready to wreak havoc.
Read more at: Complex Car Software Becomes the Weak Spot Under the Hood
Related article: Would you know if your car was being hacked?
