Illustration: Rebecca Zisser/Axios

Recent reports have revealed that two remote GPS tracker and immobilizer products for vehicles, known as remote kill switches, are vulnerable to attack due to guessable default passwords.

The big picture: Remote kill switches were designed to prevent theft, but can be compromised and used to steal or hijack cars, target high-profile individuals in their private vehicles, or shut down roadways through mass immobilization. The more complex a connected car’s systems are, the more potential points of vulnerability it has, making the stakes especially high for AVs.

How it works: Remote immobilizers allow an owner to shut off a car's engine by using an app to access the car's CAN bus, the central communication network that controls everything from vehicles cameras to the accelerator.

  • Security researchers have examined only a few GPS trackers and security systems, but most on the market share the same design, and the same potential to give adversaries virtually unfettered access to the engine, brakes and steering.

Between the lines: Vulnerabilities can exacerbate the problems these systems were designed to solve, exposing vehicle owners, passengers and others on the road to new dangers.

  • While the increased capabilities of AVs promise enormous benefits, adversaries could also benefit if vehicles — and the technologies that remotely support them — are not secured.
  • Attackers could target not just a single car but potentially all vehicles in a defined area, according to research from Georgia Tech. Simultaneously activating kill switches on millions of cars could trigger chaos, shutting down traffic and choking off deliveries of food, gas and other essential resources.

What's needed: Among the most promising solutions are adversarial resilience modeling, which helps avoid foreseeable issues such as weak default passwords, and secure software updates that fix issues as companies detect them.

  • I Am The Cavalry, a global grassroots initiative of cybersecurity researchers, advocates for both approaches in a cyber safety framework that could inform future car designs.

What to watch: The U.S. government has taken only baby steps on AV cybersecurity, but could accelerate its leadership by helping to standardize privacy-preserving “black box” data recorders and updating laws whose requirements may inadvertently deter automakers from adopting more securable technologies.

Beau Woods is a cyber safety innovation fellow at the Atlantic Council's Scowcroft Center for Strategy and Security.

Go deeper

The national security risks hiding in Trump's debts

Illustration: Aïda Amer/Axios

The blockbuster New York Times report on President Trump’s taxes reveals that the president is $421 million in debt, with more than $300 million coming due during Trump’s potential second term — and the identities of the president’s creditors remain unknown.

Why it matters: If some, or all, of this debt is held by foreign actors, it raises serious national security implications.

6 mins ago - World

House report: U.S. intelligence agencies have failed to adapt to China threat

Xi Jinping and other Chinese politicians and delegates listen to the national anthem duirng the closing of the 19th Communist Party Congress in 2017. Photo: Lintao Zhang/Getty Images

The House Intelligence Committee on Wednesday released a report finding that the U.S. intelligence community has failed to adapt to the growing threat from China, arguing that it will struggle to compete on the global stage for decades to come if it does not implement major changes.

The big picture: The 200-page report, based on thousands of analytic assessments and hundreds of hours of interviews with intelligence officers, determined that the intelligence community's focus on counterterrorism after 9/11 allowed China "to transform itself into a nation potentially capable of supplanting the United States as the leading power in the world."

Updated 9 mins ago - Politics & Policy

Tim Scott says Trump "misspoke" when he told Proud Boys to "stand by"

Photo: Bonnie Cash/Pool/AFP via Getty Images

Sen. Tim Scott (R-S.C.) told reporters on Wednesday that he believes President Trump "misspoke" when he told the far-right "Proud Boys" group to "stand back and stand by" in response to a question about condemning white supremacy at the first presidential debate.

Catch up quick: Moderator Chris Wallace asked Trump on Tuesday, "Are you willing, tonight, to condemn white supremacists and militia groups and to say that they need to stand down?" Trump asked who specifically he should condemn, and then responded, "Proud Boys, stand back and stand by. But I'll tell you what, somebody's got to do something about antifa and the left."