Sections

Commentary

Jeep Cherokee hack offers important lessons on the “Security of Things”

This post originally appeared on Forbes.com

Last month, Wired published an account describing how two security researchers, Charlie Miller and Chris Valasek, were able to wirelessly hack into a Jeep Cherokee, first taking control of the entertainment system and windshield wipers, and then disabling the accelerator. Andy Greenberg, the Wired writer who was at the wheel as the self-described “digital crash test dummy” explained what happened next:

“Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.”

Miller and Valasek also wirelessly disabled the Jeep Cherokee’s brakes, leaving Greenberg “frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch.” In response, on July 24 Fiat Chrysler Automobiles announced a recall impacting about 1.4 million vehicles, stating, somewhat incongruously, that “no defect has been found.”

1. Connectivity has outpaced security

In the rush to increase connectivity, manufacturers—and not just vehicle manufacturers –are often giving insufficient attention to the additional security exposures created when complex systems become increasingly linked. More connections mean more pathways and back doors that could be exploited by a hacker—especially when a system’s own designers may not be aware that those pathways and back doors even exist. To address this, designers need better tools to enable them to fully understand all of the ways that information will be able to move around a complex, dynamic, distributed system.

2. Distributed systems raise new and novel cybersecurity challenges

Many of the hacking stories we’ve read about in recent years involve compromises of centralized data repositories. Think, for example, of the recently disclosed breach of the U.S. government’s Office of Personnel Management systems that reportedly exposed the information of over 20 million people.

But with the growth of the IoT, we will be seeing more and more systems in which functionality and information—and vulnerabilities—are pushed to the endpoints. Systems of the future will be less and less like castles that need to be protected with high walls and a moat. Unfortunately, too many of today’s cybersecurity approaches are wedded to the castle moat mentality. That makes those approaches doubly problematic, because 1) they reflect a narrow view of the security landscape that is rapidly becoming outdated, and 2) even for systems where that narrow view remains correct, breaches are unacceptably common.

“The Internet of Things will be largely useless unless it is an Internet of secure things.”

3. Unintended linkages are the rule, not the exception

The Jeep Cherokee hack reportedly used the entertainment system as a way to access control over the brakes, transmission, and other driving-critical functions. The hackers who accessed credit card information from millions of Target shoppers in late 2013 reportedly got in using network credentials taken from a heating, ventilation, and air conditioning company contracted to do work for Target. These types of linkages are becoming the norm, not the exception, and cybersecurity needs to be approached accordingly.

4. Delivering on the promise of the Internet of Things (IoT) requires addressing the Security of Things (SoT)

There has been lots of attention to the IoT in recent years, and far too little attention to securing all of those “things,” which can include everything from small devices like smart thermostats to vehicles weighing thousands of pounds. The prospect of billions more interconnected devices coming online in the next few years leads to a long list of exciting potential applications. But it also will create a completely new set of security challenges.

The IoT will be largely useless unless it is an Internet of secure things. True security needs to be a core, up-front aspect of the design of complex, distributed systems—and not, as is often the case today, an exercise in closing the barn door after the horse is gone.

5. We need a multilayered approach to cybersecurity—and not one that just focuses on the low-hanging fruit

This might seem obvious, but you wouldn’t know it from the language that companies that fall victim to cyberattacks often use. In its July 24 statement, Fiat Chrysler Automobiles wrote that the wireless takeover of the Jeep Cherokee functions “required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code.” All of that is no doubt true, but it provides little comfort. There are plenty of extremely capable hackers with “extensive technical knowledge,” “time to write code,” and physical access to a system they want to hack.

When there is a vulnerability to be found, the laws of statistics guarantee that someone will eventually succeed in finding it. While it’s impossible to achieve perfect security, the steady drumbeat of news stories about cyber breaches shows that there’s a lot of space between perfect and where most systems are today. Closing that gap will require that every company making a connected product—including but certainly not limited to vehicle manufacturers—adopt a multilayered approach to cybersecurity that addresses not only the obvious exposures, but also the second-order vulnerabilities that become visible only though linkages between multiple system components.