Why should the connected car mollycoddle its owner?


Four years ago I had the pleasure of being invited to cover the iconic Le Mans 24-hours race in France as a guest of Eugene Kaspersky, the malware expert behind Kaspersky Lab.

And, in among the hospitality to view his sponsored AF Corse Ferrari F458 Italia GTE Pro driven by Giancarlo Fisichella and Gianmaria Bruni plus filing an exclusive report to the Sunday Express covering Audi driver, Allan McNish, surviving a 140mph horror crash, I heard for the first time concerns raised over cyber security in cars.

Kaspersky made it very clear that this would become a new battleground between malicious software developers and his team of IT engineers working ceaselessly to fix possible attacks on a vehicle’s computer systems.

Scroll forward to today and we hear Tesla has issued a software update for its model S car after two researchers found a way to subvert its onboard systems and were able to shut off the car and force it to stop.

This came just a week after Fiat Chrysler issued a recall for more than 1.4M vehicles after hackers Charlie Miller and Chris Valasek showed how to use bugs in the onboard software of the Jeep Cherokee to shut it down remotely.

In February a cyber-security hole left more than 2M BMWs vehicles vulnerable to attack and General Motors openly admits to be continually fixing possible hacking weaknesses in its OnStar service.

In all this the carmakers are the ones being put through the wringer both in reputational and cost terms. But is this fair?

An owner of a vehicle is hardly likely to be able to sue the manufacturer for an accident caused by a poorly inflated tyre. That is considered a matter of general vehicle maintenance much in the same way as the owners hand manual for my old Rover P6 3500S expected the owner to check the ignition contact points, balance the carburettors and check the level of all fluids (especially the radiator level) on a regular, if not weekly, basis.

And just before the young ’uns, who don’t even know what a P6 is, start bleating about modern cars not requiring basic maintenance, do they not maintain their PC, laptops or tablets? Of course they do, mainly by downloading and updating the devices’ settings and malware firewalls for which they pay, usually on an annual basis.

And here’s my point. If carmakers started treating vehicles like the computer-on-wheels they have become and pass the onus for protecting the onboard software on to the owner, the hacking threat would be no greater than it is with any computer, albeit on a computer that would require a safety override the moment an attack is identified.

If this ownership requirement was an industry standard, I’m sure the anti-malware providers like Kaspersky would be only too happy to help!


Don't miss Active Safety: ADAS to Autonomous this October 12-13

Leave a comment

Your email address will not be published. Required fields are marked *