Draft anti-car hacking law raises concern

Doubts about a couple of draft anti car hacking laws could create serious problems with innocent drivers and cyber security experts.

Car hacking is a scaring reality, modern vehicles use a huge quantity of connected components that could be easily compromised knowing the communication protocol used by principal vendors.

The interest in car hacking gained a high profile last summer when the popular hackers Miller and Valasek hackers remotely hacked a Jeep Cherokee SUV on a St. Louis highway on behalf of the Wired magazine. The hackers exploited security vulnerabilities in the wireless vehicle systems that automakers hope eventually will allow vehicles to communicate with each other.

The car vendor recalled 1.4 million vehicles for a software upgrade after the security duo disclosed the results of their experiment.

Two state senators in Michigan, Mike Kowall (R-White Lake) and Ken Horn (R-Frankenmuth), have proposed a law framework (SENATE BILL No. 927SENATE BILL No. 928) that addresses car hacking with laws that promise life imprisonment for hackers.

Ironically also security researchers that investigate car hacking techniques stand outlaw.

The two draft bills state that anyone who repeatedly attempts to “intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter or gain unauthorized control of the motor vehicle,” is committing a crime and risks the jail.

“I hope that we never have to use it,” said Kowall. “That’s why the penalties are what they are. The potential for severe injury and death are pretty high.”

Charlie Miller expressed his doubts about the new law and highlighted the problems it would cause to the security community.

The law forbids any manipulation of car firmware, even by the car owners.

There is no doubt about the necessity to carefully address cyber security issues in the automotive industry, but let me hope that in the future the experts from the cyber security industry will work together to approach the technical aspects of a law framework that will cover the car hacking.

Pierluigi Paganini

May 3, 2016

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...