If Uber was a real person, you’re probably feel a bit conflicted about accepting a ride from them. They flout local laws, they’re not particularly discerning about screening their drivers, and it’s quite likely that they want to bring about a Libertarian utopia. No thanks, Uber. However, thanks to their recent acquisition of a security research team comprised of Uconnect hackers Charlie Miller and Chris Valasek, it is now less likely that your taxi-replacement service will be hacked.
Information security, as it pertains to automobiles, is in its relative infancy. This is really bad news for drivers. Automakers are increasingly making their cars into Bluetooth-enabled smartphone extensions, but they aren’t really trying to make these connections evil-proof. Miller and Valasek proved this by completely owning the Uconnect system on a 2014 Jeep, then leveraging the hacked infotainment device to control the vehicle’s ignition, acceleration, steering, and brakes.
This hack was just the tip of the iceberg in terms of automotive vulnerabilities. Just since the Jeep hack was announced, even more threats against cars have cropped up. A security researcher discovered that the OnStar app could be compromised to control certain automotive features, such as the door locks. The same researcher, a man named Samy Kamkar, was able to break keyless entry systems by jamming the radio signal from a key fob. Lastly, researchers presented a way to hack an insurance monitoring device — commonly used by Uber drivers — in order to cut a car’s brakes.
Automakers have responded either by sticking their heads in the sand, or outright threatening legal action against those who have exposed these vulnerabilities. Uber is therefore largely ahead of the pack. By hiring this research team, they’ve hopefully future-proofed their fleet of app-connected, smartphone enabled computers-on-wheels against the kind of hijacking shenanigans that will no doubt crop up very shortly in real life. But they’re still kinda awful.