The federal government's warning last week about cybersecurity vulnerabilities in vehicles is a well-intentioned public service announcement that has little value for consumers.
The warning noted the highly publicized wireless vehicle hack of a Chrysler Jeep Cherokee last July, where two security experts demonstrated they could control critical functions of the vehicle. The revelation lead to Chrysler recalling 1.4 million vehicles to update software.
And now the FBI and the National Highway Traffic Safety Administration (NHTSA) warned on Thursday that the rising use of computers in vehicles poses increasing risks of cyberattacks.
Among other suggestions, the joint advisory from the FBI and the NHTSA recommended drivers to keep their vehicle's software up to date.
The public bulletin stated it's important that consumers and manufacturers are aware of the possible threats and explained how an attacker may seek to remotely exploit vulnerabilities in the future. "Third-party aftermarket devices with Internet or cellular access plugged into diagnostic ports could also introduce wireless vulnerabilities," the bulletin stated.
However, the advice provided by the FBI and the NHTSA, though well intended, is overly ambitious for the average driver, according to Michela Menting, digital security research director at ABI Research.
"Recommendations prompting drivers to keep their vehicle software up to date seems rather optimistic, and suggesting they download the software updates and install it themselves is hazardous at best," Menting said in an email reply to Computerworld.
While the PSA offers a "note of caution" about the possibility of criminals creating malware-infected updates, the idea that drivers will be any more savvy than the average computer user in discerning genuine updates or even legitimate manufacturer websites is ill-judged, Menting added.
Given the rather nascent nature of automotive cybersecurity, it should "undoubtedly" be left in the hands of carmakers and their resellers for the immediate future, Menting said. Consumers should simply contact their auto dealers if they have any concerns that their vehicles may have been hacked or are vulnerable to an attack.
Consumers, however, should stay informed about the capabilities of their cars, just as they would about most connected devices they own — from PCs to smartphones to smart home appliances — especially considering that vehicles are much a more complex and "dangerous tool," Menting said.
"So it is perhaps even more important to understand the risks," she added.
Egil Juliussen, director of research at IHS Automotive Technology, said other than gaining notoriety, there really isn't much of an incentive for hackers to break into your vehicle's electronic systems.
In fact, the only business case for hackers to break into a vehicle is to extort money from owners or automakers. "They have to earn money on it; otherwise, it doesn't pay for them to do it," Juliussen said.
Sign up for Computerworld eNewsletters.