Hacking has suddenly become a big concern in the car business. Hackers showed a Wired reporter how they could remotely take control of a Jeep, and now another hacker has revealed how to gain access to a Tesla Model S. Hackers have revealed a vulnerability in General Motors' OnStar system. Where will it end?
It will never end. The arms race is officially on. The hacks that have occurred were undertaken by benevolent hackers who in some cases have been working with the automakers to refine security, reveal flaws, and develop patches.
But it's possible that more malevolent hackers will enter the game. In fact, they may start out as bad hackers who want to go straight — and see the auto industry as a source of funding. And of course hacking a major automaker's technology is terrific promotion for a hacker or team of hackers ahead of big cybersecurity gatherings, such as the Def Con conference being held now in Las Vegas.
The carmakers have varying degrees of vulnerability. And of all of them, Tesla on paper seems to be the most vulnerable of all. Elon Musk's company has redefined the state of the art when it comes to integrating technology with the automobile. Tesla announces software updates in the same way that Apple rolls out improvements to iOS for the iPhone. And then Tesla enables owners to upgrade their vehicles' operating systems wirelessly over the air (OTA).
This practice so impressed Consumer Reports that the publication named the Model S its top automotive pick for two consecutive years. The vehicle was essentially the same. But the software updates redesigned the car, making it feel like a new model.
Keeping secrets
Traditionally automakers have been fairly secretive about the software that governs vehicle and infotainment systems. So secretive in fact that I was shocked when I learned that the Jeep hack was possible because hackers were able to wirelessly access a shared software hub. I didn't think automakers had decided, on even a limited basis, to merge these software "silos."
Automakers have been secretive because they don't want anyone to plug in and hack their cars (via "hard" access ports). They want to control when and how software is updated. For them, there's value in this process, not least because outdated technology can encourage an owner to start shopping for a new car.
Tesla, by contrast, is ahead of the curve on a wireless future. According to Wired's Kim Zetter, Tesla developed its software systems with idea that they could someday be compromised. The existence of a cyberthreat was baked into Tesla's thinking.
Tesla has been building cars for only about 10 years, whereas Jeep's parent, Chrysler, has been around since the automobile was still competing for attention with the horse. Tesla is in this respect like a young person who has grown up with the internet and the mobile web — and is unlike an old fogey whose idea of security when it comes to cars is rolling up the windows, locking the doors, and hoping for the best.
A tech company at heart
Tesla has another major advantage over its traditional competitors: The tech world reveres the company. It's no secret that a lot of successful Silicon Valley types are Tesla customers. Tesla executives and Tesla engineers, on the hardware and software side, are more likely to understand cyberthreats because they are closer to the tech world. Executives in Detroit are far away. Companies such as Ford are working to rectify this issue by establishing research centers in Silicon Valley.
But Motown's expertise remains bolting cars together. As we're learning from some potential production delays to Tesla's Model X SUV, and from the herky-jerky rollout of the Model S several years ago, Tesla hasn't yet nailed down the bolting-together part. But it's on the leading edge when it comes to wireless innovation in the space.
Street cred will not protect Tesla from cybercriminals who see it as the Holy Grail of hacks. And as Tesla matures, the high-tech side of its story will logically give way to the carmaking side. It doesn't matter how awesome your OTA updates are if you can't delivery the hardware platforms, i.e., cars, that support the software. But if anyone can either stay one step ahead of cyberthreats or respond rapidly to hacks with quick, OTA patches, it's Tesla.
A new threat
The auto industry has never really confronted a threat like the hacker attacks that have recently dominated the news. Rigging a car to do malicious things — the "cutting the brake lines" of the spy movies — has always been a direct, mechanical process. When technology has failed, or been accused of failing, it is involved systems the manufacturers have maintained, such as the electronic throttle controls that were the focus of the Toyota unintended acceleration recalls of the 2010-2011 period.
These systems predated the wireless revolution, however. "Drive by wire" has been around for 20 years. Wireless connectivity in cars hasn't.
In the traditional industry, the reaction to hacks hasn't been to hide from reality, but nor has it been to embrace the Brave New World. Chrysler knew about the Jeep flaw for a year and half before the media reported on the hack.
Tesla is significantly more transparent. Because software is a big part of the company's narrative, Tesla routinely and enthusiastically informs customers, the media, and the investment community about new features and upgrades. And when something goes awry, it comes up with a fix as soon as possible and broadcasts the improvement.
At base, while they have changed considerably in the digital age, the traditional automakers remain "closed source" about their technology. Tesla DNA has been shaped in exactly the opposite direction. It wants to hackers to expose flaws. It sees great value in an open-source approach. And it doesn't appear to care about closely holding its intellectual property: Tesla gave away all its patents in 2014 to encourage innovation in the startup electric-car realm.
As the hacking wars come to define the auto industry in the next 10 years, Tesla will already have the perfect defense and be prepared to win. You don't exactly join the hackers, but you don't try to beat them, either. You keep your friends close, but your enemies closer — and you don't always treat the enemy as if they'll never be an ally.
