Cars have become complicated, hackable computer systems on wheels
April 26, 2016
Shah Sheikh (1294 articles)

Cars have become complicated, hackable computer systems on wheels

Cars are no longer what they seem to be. On-board computers and their algorithms have invaded all organs, making cars better, but also more susceptible to hacks and invasions of privacy.

Having driven Route 85 between Cupertino and Mountain View a few thousand times, I’m familiar with every rift and gap in the concrete, every subtle camber shift as I follow an habitual, gradual arc through curves and lane changes. Some early Chevrolet episodes aside, I’m behind the wheel of a European vehicle—silent, good lungs, surefooted, precise—the kind of car that translates the driver’s steering motion into a smooth trajectory, with no need for correction as the suspension takes its time to settle. After 31 years of driving this pleasant road, the feeling doesn’t get old.

A few weeks ago, I drove the familiar route in a new vehicle freshlydelivered from Sindelfingen. Something is wrong: The first curve line is “dirty,” it lacks Germanic rigor. At the next curve, the steering wheel argues with me, politely but clearly demanding a different trajectory.

When I get back home I look around the dashboard and notice two red indicators that had been hidden by the steering wheel while I was driving. The walkthrough tech at the dealership had set the vessel to autopilot. In retrospect, I should have seen the argumentative steering coming; I had ordered the autopilot and other geeky features that hadn’t existed when I bought my previous chariot just five years ago. On the road, the autopilot had interpreted my steering “optimizations” as daydreaming lane-drift, and had stepped in to keep me in line.

I disconnect the autopilot and go for a drive; the familiar pleasant feeling returns.

In a 1957 essay about the Citroën DS (pronounced “Déesse,” goddess) Roland Barthes hailed the modern car as

…the exact equivalent of the great Gothic cathedrals: I mean the supreme creation of an era, conceived with passion by unknown artists…it excites interest less by its substance than by the junction of its components

The striving, energetic copulation of the arts and technologies—the “junction of components”—has continued. Cars are now nearly completely penetrated by automation and algorithms.

I start counting the abstracted organs in my new vehicle.

The steering system doesn’t just give an opinion on lane changes, as I had discovered; it also compensates for side wind (unnoticeable in my experience), makes automatic adjustments to facilitate parking maneuvers, and keeps the car calm in spite of small, unconscious hand movements when driving in a straight line.

Next, the throttle no longer deserves its name. Old carbureted engines used a rotating flap to modulate the volume of air that was mixed with fuel in the engine’s cylinders. You controlled the mixture mechanically with your foot, through a rod that connected the “loud pedal” to the rotating flap.

In today’s fly-by-wire evolution, your foot’s pressure and movement on the pedal is just input for an algorithm that decides how much air to let in, when to inject gas into cylinders, how many spark bursts to fire (and when)—all the while analyzing spark ionization to adjust the ignition. (As an aside, don’t miss William Langewiesche’s terrific Fly By Wire: The Geese, the Glide, the Miracle on the Hudson.)

It truly is a thing of beauty, in my eyes at least. I once expressed an interest in getting a guided walk through the source code for a computer (ECU) that controls modern engines—software that absolutely mustn’t crash (and never seems to do so).

Moving to brakes. A car manufacturer once introduced an electricbrake-by-wire system where actuators controlled each caliper separately, with the traditional hydraulic system as a backup. It didn’t work very well—software glitches caused a massive recall of about two million vehicles—but progress hasn’t stopped. The computerized anti-skid system (ABS) that has been with us for over 40 years has evolved into an algorithm that interprets my foot’s movement and sweetly modulates it into a no-jerk stop.

Now we have automated braking on the horizon, a system that will cause a car to stop before hitting an obstacle, another car or, more importantly, a pedestrian. Notwithstanding the embarrassing imperfections of early implementations, sensors and algorithms will save lives and property. Twenty manufacturers have agreed to make it standard on all of their vehicles by 2022—probably sooner once competitive forces kick in.

The list goes on: Computerized gearboxes and clutches, climate control, and the often (rightly) maligned “infotainment” systems.

While some loudly regret that the Church of the Manual Transmission loses more of its flock every year, it’s undeniable that cars keep getting safer and easier to drive, and that they’re also more efficient and pollute less.

But there are serious downsides.

The most troubling problem stems from adding wireless internet connectivity to the mix. Last year, University researchers remotely hacked a Jeep Cherokee and ended up ditching it on the highway with impotent passengers aboard.

I first dismissed the report as an innocuous, highly scripted “concept demo” stunt… until Chrysler issued a recall of 1.4 million vehicles to fix the bug. Even more alarming, the hacker researchers had been in contact with Chrysler for more than a year before the recall, as this Fortune article reveals.

Another issue, pernicious because it’s largely invisible, is the potential infringement of drivers’ privacy.

All cars manufactured after Sept. 2014 must include an Event Data Recorder (EDR), as mandated by the National Highway Traffic Safety Administration (NHTSA). The NHTSA also mandates that 15 streams of data—speed, throttle input, braking effort, and so forth—must be recorded, and has created standards for 30 more “voluntary” data types. In the event of a crash, the NHTSA requires that the EDR data be made publicly available. This is for the good: The NHTSA simply wants the data to be available for study as an aid in improving safety. But…

…perhaps the most significant feature of the Part 563 rule is that manufacturers must now relinquish their proprietary control over the equipment, software, and data decoding algorithms, thus lowering the barriers to data access.

Beyond crash data, not much is said about who exactly has explicit or implicit permission to access the EDR’s content. Anyone with physical access to the car’s On Board Diagnostics (OBD) connector (your local car mechanic) can look into your dirty driving habits and can also install software updates, benevolent or otherwise. How are normal users to know if their car has been compromised, and for what purposes? Now add wireless connectivity and even more hacking fun can be had.

Insurance companies are getting into the data recording game, of course, with offers of discounts (and penalties) in exchange for access to driving data. Just a bit further down paranoia road, why not automagically assess speeding fines and parking fees, with a courtesy discount for direct deduction from one’s bank account?

Some of us don’t mind our commutes; we like the privacy, the time spent listening to music or an audio book, or the space to “just think.” We’ll be thrilled when, some day, the car autonomously drives us home. In the meantime, we’re not pleased to know that our cars have been recording our movements. Needless to say, a court order could easily mandate invisible real-time monitoring or disgorgement of EDR data. (Come to think of it, perhaps Apple’s putative car could feature a password protected EDR…)

We should look again at our cars. They’ve become complicated computer systems on wheels, with some number of high-speed networks on board and several wireless links to door locks, HomeLink, Bluetooth, cellular voice, and internet… Unfortunately, undeniable progress comes with safety and privacy vulnerabilities that we’re only beginning to fathom.

Source | Quartz