Updated Aug 16, 2018

Advantages of connected cars come with cybersecurity risks

Illustration: Rebecca Zisser/Axios

The internet connectivity built into most new vehicles enables all sorts of conveniences — news, entertainment, weather and even over-the-air software updates from the manufacturer. The downside: Connected cars are incredibly easy to hack.

The big picture: With 16 million new cars and trucks sold every year in the U.S., these cybersecurity risks are already extensive and will only grow as the push toward autonomous vehicles continues.

Today's connected vehicles sync up with crash avoidance systems, adaptive cruise control, lane departure warnings and other networked safety components. They contain up to hundreds of processors and electronic control units (ECUs), each with its own processor. One ECU might control the braking system, another the lights, yet another tire pressure. These powerful ECUs are typically connected, sometimes wirelessly, to the car’s main computer and to each other by a data bus — sending and receiving data, files and commands.

Protecting vehicle ECUs and entertainment systems against hackers — via operating system updates, file backups, antivirus software upgrades, malicious software screening tools, and the latest web browser — takes anywhere from a few seconds to a few minutes a month. Yet those brief moments per processor, across the hundreds of processors in each car, make for a formidable task.

Moreover, there are no rules dictating who is responsible for ensuring that needed updates and upgrades happen at all, let alone in a timely fashion — a regulatory gap that increases the potential openings for malicious actors. Without a commitment from the manufacturer to verify that software and firmware are functional and up to date, vehicle operators are left vulnerable. A critical safety feature could be disabled by obsolete logic — or, potentially worse, by the installation of embedded malware.

By exploiting many of the same vulnerable entry points found in smart phones and laptops, hackers can gain control of a car's microphones, lights and components over internet, bluetooth or internal wireless connections. Once in the system, they can surreptitiously listen in on conversations, intercept calls, access private data and, in certain situations, assume control of or compromise a car’s operational and safety systems. Under remote control, the distinction between changing the radio station and changing the car's speed is simply the push of a button.

Be smart: If vehicle cybersecurity does not receive serious oversight and attention now — from manufacturers, governments and drivers — it will soon become a critical impediment to safety and privacy.

Jason Levine is executive director of the Center for Auto Safety.

Go deeper

China tries to contain coronavirus, as Apple warns of earnings impact

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's NHC; Note: China refers to mainland China and the Diamond Princess is the cruise ship offshore Yokohama, Japan. Map: Danielle Alberti/Axios

As China pushes to contain the spread of the novel coronavirus — placing around 780 million people under travel restrictions, per CNN — the economic repercussions continue to be felt globally as companies like Apple warn of the impact from the lack of manufacturing and consumer demand in China.

The big picture: COVID-19 has now killed at least 1,775 people and infected more than 70,000 others, mostly in mainland China. There are some signs that new cases are growing at a slower rate now, although the World Health Organization said Monday it's "too early to tell" if this will continue.

Go deeperArrowUpdated 1 hour ago - Health

Apple will miss quarterly earnings estimates due to coronavirus

Apple CEO Tim Cook

Apple issued a rare earnings warning on Monday, saying it would not meet quarterly revenue expectations due to the impact of the coronavirus, which will limit iPhone production and limit product demand in China.

Why it matters: Lots of companies rely on China for production, but unlike most U.S. tech companies, Apple also gets a significant chunk of its revenue from sales in China.

America's dwindling executions

The Trump administration wants to reboot federal executions, pointing to a 16-year lapse, but Pew Research reports the government has only executed three people since 1963.

The big picture: Nearly all executions in the U.S. are done by states. Even those have been steadily dropping for two decades, per the Bureau of Justice Statistics (BJS) — marking a downward trend for all executions in the country.