Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Rebecca Zisser/Axios

The internet connectivity built into most new vehicles enables all sorts of conveniences — news, entertainment, weather and even over-the-air software updates from the manufacturer. The downside: Connected cars are incredibly easy to hack.

The big picture: With 16 million new cars and trucks sold every year in the U.S., these cybersecurity risks are already extensive and will only grow as the push toward autonomous vehicles continues.

Today's connected vehicles sync up with crash avoidance systems, adaptive cruise control, lane departure warnings and other networked safety components. They contain up to hundreds of processors and electronic control units (ECUs), each with its own processor. One ECU might control the braking system, another the lights, yet another tire pressure. These powerful ECUs are typically connected, sometimes wirelessly, to the car’s main computer and to each other by a data bus — sending and receiving data, files and commands.

Protecting vehicle ECUs and entertainment systems against hackers — via operating system updates, file backups, antivirus software upgrades, malicious software screening tools, and the latest web browser — takes anywhere from a few seconds to a few minutes a month. Yet those brief moments per processor, across the hundreds of processors in each car, make for a formidable task.

Moreover, there are no rules dictating who is responsible for ensuring that needed updates and upgrades happen at all, let alone in a timely fashion — a regulatory gap that increases the potential openings for malicious actors. Without a commitment from the manufacturer to verify that software and firmware are functional and up to date, vehicle operators are left vulnerable. A critical safety feature could be disabled by obsolete logic — or, potentially worse, by the installation of embedded malware.

By exploiting many of the same vulnerable entry points found in smart phones and laptops, hackers can gain control of a car's microphones, lights and components over internet, bluetooth or internal wireless connections. Once in the system, they can surreptitiously listen in on conversations, intercept calls, access private data and, in certain situations, assume control of or compromise a car’s operational and safety systems. Under remote control, the distinction between changing the radio station and changing the car's speed is simply the push of a button.

Be smart: If vehicle cybersecurity does not receive serious oversight and attention now — from manufacturers, governments and drivers — it will soon become a critical impediment to safety and privacy.

Jason Levine is executive director of the Center for Auto Safety.

Go deeper

20 mins ago - Podcasts

Bob Nelsen on AstraZeneca and his plan to revolutionize biotech

AstraZeneca and the University of Oxford on Monday reported promising efficacy data for their COVID-19 vaccine, which has less stringent storage requirements than the Pfizer and Moderna vaccines and may be distributed earlier in developing countries.

Axios Re:Cap digs into the state of vaccine and therapeutics manufacturing with Bob Nelsen, a successful biotech investor who on Monday launched Resilience, a giant new pharma production platform that he believes will prepare America for its next major health challenges.

Ben Geman, author of Generate
Updated 27 mins ago - Energy & Environment

Unpacking Joe Biden's decision to tap John Kerry as his climate envoy

Photo: Pablo Blazquez Dominguez/Getty Images

President-elect Joe Biden is naming former Secretary of State John Kerry as a special presidential envoy for climate change.

Why it matters: The transition team's announcement sought to show that it will be an influential role, noting that Kerry — a former Massachusetts senator and the Democrats' 2004 presidential nominee — will be on the National Security Council.

Dave Lawler, author of World
2 hours ago - World

Oxford and AstraZeneca's vaccine won't just go to rich countries

Waiting, in New Delhi. Photo: Jewel Samad/AFP via Getty Images

While the 95% efficacy rates for the Moderna and Pfizer/BioNTech vaccines are great news for the U.S. and Europe, Monday's announcement from Oxford and AstraZeneca may be far more significant for the rest of the world.

Why it matters: Oxford and AstraZeneca plan to distribute their vaccine at cost (around $3-4 per dose), and have already committed to providing over 1 billion doses to the developing world. The price tags are higher for the Pfizer ($20) and Moderna ($32-37) vaccines.