Sudden Unintended Acceleration, Computer Bugs and Car Hacking

Image credit:  http://www.autodeal.com.ph.

These past few weeks, the evening news has been bombarding us nightly with incident after incident of Sudden Unintended Acceleration or SUA by the unfortunate Mitsubishi Montero. To neutrals like me, the most annoying aspect of these reports will likely be the doggedness of Mitsubishi spokespersons in insisting that there is nothing wrong with the product even as the sheer number of reported incidents appears to indicate that something is indeed terribly wrong.

Although Mitsubishi is currently in the hot seat in this country for SUA, in fact it was Toyota which was investigated in the United States for the same thing after a spate of incidents as early as 2009. For the record, Toyota was cleared by the US National Highway Traffic Safety Administration for its electronic throttle system. However, SUA as a phenomenon has refused to go away and appears to be a direct consequence of the increasing computerisation of modern automobiles.

In an article published in 2012 by the online edition of the Philippine Daily Inquirer, engineering consultant Dr. Antony Anderson was cited to have named two possibilities for sudden acceleration. These are a) driver error, i.e. inadvertently stepping on the accelerator pedal; and b) an electronic system malfunction.

In the same article, Anderson was cited to have argued that electronic malfunctions do not necessarily leave behind evidences for investigative sleuths to find and that these malfunctions may not be easily reproduced “on demand.” This probably explains the hard-line stance of Mitsubishi spokespersons because testing under controlled circumstances do not replicate the SUA as reported by owners.

It goes without saying that driver error has got to be responsible for some of the reported cases of SUA. However, this article will focus instead of the second possibility – i.e. electronic malfunction – and its possible permutations.

Because modern automobiles are becoming increasingly dependent on computer technology, implicitly these automobiles are dependent on the programmers who wrote the code that help to operate them. Now here is an open secret known to all programmers: there is no such thing as a perfect computer program.

That is why all our desktop, laptop and mobile devices keep receiving updates intermittently because programmers just thought up some security patch that they should have thought of earlier in the first place. Programmer Michael Ossman, writing in his personal blog, explains, “…it became clear to me, as it should to any software developer, that the likelihood of bugs increases when software complexity increases.”

About the spate of the Toyota SUA cases in the United States, Ossman went on, “To me, the unintended acceleration reports smelled like buggy software from the very beginning. Few of the reports were identical, but all of them involved the inability of the driver to influence a computer that controls the engine throttle.”

Given how Mitsubishi spokespersons have steadfastly stood behind their product and how the SUA seemingly happens as though “on a whim” with the Montero, discounting software glitches, something else has been bugging – no pun intended – me regarding the reported incidents.

One woman described the experience of an SUA as though the car was possessed by something evil. I will be the first to admit that this line of thinking is probably a long shot; but what if the car indeed was? Not by something evil but by something or someone remote and malicious.

In other words, what if she was actually reporting a case of car hacking – that is modern jargon for hacking the computer systems of modern automobiles? I cannot find any documentation over the Internet that equates SUA with car hacking. However, what is hair-raising is that car hacking has jumped from the pages of science fiction into reality at all.

An editorial published on the online edition of the UK newspaper The Guardian says, “…any modern car is a network of anything up to 70 powerful computers that happen to be mounted on wheels and armoured in a tonne or more of steel. Every new car sold in the past few years is running about twice as much code as the whole of Facebook.”

According to the same editorial, many modern cars have IP addresses. Thus, network security, something network administrators labour over on a daily basis in server farms the world over, becomes a very tangible concern with regards modern automobiles.

Larry Greenmeier, writing in the Scientific American, says, “…that both carmakers and the U.S. government can no longer dismiss car hacking as purely hypothetical.” This was in response to a video released by two security researchers who showed how the Fiat Chrysler Jeep could be taken over remotely, forcing the company to recall purchased Jeeps for a security patch.

If at all – and I reiterate that I think that any correlation between car hacking and SUAs is a long shot – the question of course is “why.” Symantec-Norton, in an article on car hacking, gives us an insight: “Most of the danger right now may come from hackers who want to demonstrate their prowess and enhance their reputations, says Tarnutzer. And the increased reliance on wireless systems – such as the tire pressure monitoring system – makes your car more vulnerable to these attacks.”

Thinking of buying a new car, then? You may wish to consider these precautions put forth by Symantec-Norton:

• Ask about wireless systems. Familiarize yourself with the wireless systems if you’re purchasing a new car, advises Bambenek. For a car you already own, you can review your manual or check online. Find out if any of the systems can be operated remotely.
• Ask about remote shutdown. If you’re financing through the company from which you purchased the vehicle, ask about remote shutdown related to repossession. Make sure the seller has security measures in place that control access to the system.
• Go to reputable dealers and repair shops. It’s possible for unscrupulous garages to manipulate your car’s computer systems, making it appear you need repairs that aren’t actually warranted. Don’t cut corners when it comes to choosing a dealer or repair shop.
• Protect your information. Of course, locking your car is always wise. And if you use OnStar -- the GM-owned auto security and information service -- make sure you don’t leave OnStar-related documents or your password in the car, says John Luludis, president and co-founder of Superior Tech Solutions, an IT provider, and a former car industry tech executive. Since OnStar can remotely shut off your engine if you report the vehicle stolen, there’s the potential for mischief if your password falls in the wrong hands.
• Be cautious about after-market devices. After-market car systems may not be as rigorously tested or designed, opening you to vulnerabilities.

Share |