July 24--"There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling transmission."
-- Intro to "The Outer Limits," a 1960s sci-fi TV show
Imagine you're driving and momentarily lose control of your vehicle in snowy weather. Terrifying, but that's nothing compared to the helplessness experienced by Andy Greenberg on a Missouri highway when Internet hackers remotely hijacked his Jeep.
First the hackers, who were in a home 10 miles away, toyed with him by punching a few keys on their laptop computer and making his vehicle's air conditioner go haywire. They blasted the radio and monkeyed with the windshield wipers. Then the Jeep's engine stopped responding. "As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl," Greenberg wrote in a Wired magazine account of his experience.
It was all an experiment. Greenberg knew he was going to get hacked, though he didn't know exactly what mischief would befall him or when. Soon he was on his iPhone, begging the hackers to stop.
The car-hacking threat is new and legitimate, a function of the decision by automakers to link vehicle features like the entertainment system to the Internet. Whenever you connect a machine to the cloud, you make it vulnerable to theft or vandalism because bad guys can follow the digital tether right into your home, office or dashboard.
Vehicles are susceptible because they're basically computers on wheels. Jeep's parent, Fiat Chrysler, acknowledged the issue Friday, announcing the recall of 1.4 million U.S. vehicles for a software fix to prevent them from being hacked remotely. The company will send owners a USB drive that can be plugged into the vehicles to install a security update.
That's hardly the end of it. The story of Andy Greenberg's Jeep is a spectacular reminder of the potential hijacking of our Web-connected stuff. Thermostats, TVs, Webcams, sprinklers and garage doors are going online because it's amazing what can be accomplished when a passive, dumb object is given intelligence and connected to a smartphone.
The broad concept, known as "the Internet of Things," is just getting going as computing power, sensors and bandwidth become cheaper, faster, better. It's a dream world of convenience and efficiency. A few examples from your future: You'll double-check with your refrigerator while grocery shopping to see if you're low on Swiss cheese, while the garage door will tell the truth about what time your teenager came home. The air conditioner will turn off when a cold front comes through, but your coffee maker will turn on 10 minutes earlier because traffic's heavier on the Kennedy.
All great, but we've already learned how vulnerable our credit cards and Social Security numbers are to electronic hacking. At the extreme end, national security experts worry about a cyber-Pearl Harbor attack in which a terrorist commandeers the operations of a dam or bridge. Now we also have to worry about the security and privacy of the dishwasher?
Brian Gratch, an expert in Internet of Things security at Chicago-based Xaptum, tells us that tech developers tend to get enamored with breakthroughs and only afterward focus on security. "Whenever it's an afterthought, it's easy to break in," he said.
That approach has to change. Washington lawmakers have caught onto the issue, but legislation won't keep up with tech advancements. It's on the companies to become obsessive about security and privacy if they want consumers to embrace their vision of connectivity. Credit card companies, for example, finally committed to replacing vulnerable strip-based cards with safer chip technology in the wake of major hacking scandals that made customers reluctant to charge purchases.
It will be the same for coffee makers and cars. The Jeep hackers broke in through the cellular network linking the vehicle's Uconnect entertainment and navigation system to the cloud. Having a Wi-Fi hot spot in your car is cool, but nothing beats brakes and a transmission system you can trust.
