As scare-tactic journalism goes, it would be hard to beat this past summer's article about hackers taking remote control of a Wired magazine writer's car.
“I was driving 70 mph on the edge of downtown St. Louis,” he wrote. “As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That's when they cut the transmission.”
Scary! Hackers can take over our cars! Our lives are at risk!
No, they're not.
Stories such as these are catnip to mainstream media and the technophobic public. Unfortunately, they leave out or underplay a detail or two that would take most of the air out of the drama: these aren't just any cars.
In the case of the Wired article, the Jeep belonged to the hackers. They had been working on it for more than a year to figure out how to hack it.*
That's really a different story.
In February, 60 Minutes ran a story about a similar experiment. “Oh, my God,” the correspondent exclaims as her brakes stop working. “That is frightening!”
But would it have been as frightening if she had mentioned that this kind of hack requires a car with cellular Internet service, that it had taken a team of researchers years to make it work—and that by then the automaker had fixed the software to make such a hack impossible for vehicles on the road?
Then this, in August: “Two researchers have found that they could plug their laptop into a network cable behind a Tesla Model S's driver's-side dashboard, start the car with a software command, and drive it,” Wired reported.
But wouldn't you see that if you were in the driver's seat?
Here's the simple truth. No hacker has ever taken remote control of a stranger's car. Not once. It's extraordinarily difficult to do. It takes teams working full-time to find a way to do it.*
The journalists should also stop calling the perpetrators “hackers.” These are researchers—the good guys—not evildoers hiding in bunkers somewhere.
Every time one of those stories pops up, I feel like pulling up alongside the reporters in my own noncellular 2009 Honda Fit and yelling, “Hack this!”
Now let me hasten to say this: car security is serious. Not very many cars have built-in Internet connections today—designed for emergency communication, to bring Internet information to the dashboard or to supply a Wi-Fi signal to passengers in the car—but their number is growing. Researchers' demonstrations have underscored the importance of designing these systems securely—for example, of keeping cars' control circuits separate from the Internet ones.
In other words, the industry's concern over hackable cars isn't misplaced. Researchers who try to break in are performing a valuable service in drawing attention to a potential danger.
All three cases described here led to prompt software fixes by the carmakers, who are keen to avoid their products seeming vulnerable. None of those researchers would be able to repeat their demonstrations today.
Unfortunately, you haven't read the last “you're a sitting duck” hacker story. Connected cars are only part of the larger “Internet of things” movement, in which more everyday objects are being made capable of getting online. Home door locks, lighting systems, coffee makers—designing all of it with excellent security is extremely important, and there will be occasional failures.
Yes, new technology is always a little scary. But let's not exploit that fear. Let's assess the hackable-car threat with clarity, with nuance—and with all the facts. Today, remotely hackable cars are still only a hypothetical threat. It's not one that should keep everyday drivers up at night.
*Editor’s Note (10/22/15): This article has been modified to fix reporting errors regarding the hacked Jeep cited in the Wired article. The hackers needed physical access to the car to figure out how to hack it, not to perform the hack itself, as we originally reported. The hackers had been working on the Jeep hack for more than a year, not three years. And according to the hackers, the hack would have worked on other Fiat Chrysler models, not just the hackers’ Jeep.