Hacking Cars and Human Drivers Sucking

I spent most of the last week at Black Hat/Defcon/BSides Las Vegas contemplating a future filled with Internet enabled vehicles, infrastructure and hackers with ill intent.  The lead up to Black Hat 2015 again provided fodder for the mass media as researchers on their path to fame rolled out more than a couple of high-profile hacks against different automakers:
Jeep : https://blog.kaspersky.com/blackhat-jeep-cherokee-hack-explained/
Tesla: http://www.itproportal.com/2015/08/06/tesla-model-s-hacked/
Ford/Toyota: http://www.cnet.com/news/car-hacking-code-released-at-defcon/

While it is concerning that these types of vulnerabilities exist I would argue that a world of vulnerable smart vehicles is far safer than continuing to allow humans to drive unassisted.

Over 30,000 Americans die annually on our roads, the vast majority of these attributable to human error.  Face it, we suck at driving.

Obviously my “bury the head in the sand” approach to making vehicles less vulnerable is not a strategy that even I would endorse over the long-term.

Good thing there are folks like “I am the Calvalry“.  This org with probably the best name ever has produced the Five Star Automotive Cyber Safety Framework (PDF) and are spearheading a grass-roots campaign to encourage automakers to engage in a collaborative approach to finding solutions to their security problems.

While I remain optimistic that this effort has at least a snowball’s chance in hell of gaining traction I am concerned that the silos that exist across manufactures will not allow for a collaborative approach to solving this particular security challenge.

I hope to be proven wrong.