Michigan Senators introduced a new bill last week that would make it a felony to “willfully destroy, damage, impair, alter, or gain unauthorized control” of a vehicle.
A second bill would amend Michigan’s criminal code for hacking, which would give car hacking a maximum sentence of life in prison. Car hacking would be the only anti-hacking law that carries a life sentence.
Apparently, what caught the senators’ attention was last year’s high profile hack of a Jeep Cherokee SUV by a couple of security researchers, who wanted to show that connected cars or future self-driving cars can be highly susceptible to hacking.
The FBI and the U.S. National Highway Traffic Safety Administration recently put out a warning for connected car drivers owners as well, saying that this type of vehicle is increasingly more vulnerable to remote exploits. Modern cars contain a growing number of computers called “electronic control units” (ECUs), which control everything from lights and windshield wipers to steering, braking and acceleration.
An increasing number of vehicle components are also controlled wirelessly, be it keyless entry, ignition control and tire pressure monitoring to diagnostic, navigation and entertainment systems.
This problem could become worse with self-driving cars, which will be completely operated by software and computers. Self-driving cars may end up eliminating car crashes that would normally happen through human error, but car hacking could be on the rise once there are millions of self-driving cars on the road.
Many of the car makers looking to jump into self-driving cars within the next few years are the same ones having their connected cars hacked today, or who up until recently weren’t even securing their over-the-air updates with encryption. Many of these car makers may not even be aware of the dangers they could be unleashing with their self-driving cars if they don’t take software security much more seriously.
The new Michigan bills may raise the punishment for car hacking, but it’s not a guarantee that it will be a strong deterrent against criminal hacking of cars. After all, there are many anti-hacking laws on the books today, but hacking seems to continue unabated. Further, many of the data breaches we see in the U.S. are done by hackers from outside of the country, where such state laws would be irrelevant.
To keep drivers safe in the future, car makers would not only have to excel at making car hardware, but also software. They will also need to ensure that their software has as few vulnerabilities as possible while increasing the security of all the car’s components.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.