Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Rebecca Zisser/Axios

Recent reports have revealed that two remote GPS tracker and immobilizer products for vehicles, known as remote kill switches, are vulnerable to attack due to guessable default passwords.

The big picture: Remote kill switches were designed to prevent theft, but can be compromised and used to steal or hijack cars, target high-profile individuals in their private vehicles, or shut down roadways through mass immobilization. The more complex a connected car’s systems are, the more potential points of vulnerability it has, making the stakes especially high for AVs.

How it works: Remote immobilizers allow an owner to shut off a car's engine by using an app to access the car's CAN bus, the central communication network that controls everything from vehicles cameras to the accelerator.

  • Security researchers have examined only a few GPS trackers and security systems, but most on the market share the same design, and the same potential to give adversaries virtually unfettered access to the engine, brakes and steering.

Between the lines: Vulnerabilities can exacerbate the problems these systems were designed to solve, exposing vehicle owners, passengers and others on the road to new dangers.

  • While the increased capabilities of AVs promise enormous benefits, adversaries could also benefit if vehicles — and the technologies that remotely support them — are not secured.
  • Attackers could target not just a single car but potentially all vehicles in a defined area, according to research from Georgia Tech. Simultaneously activating kill switches on millions of cars could trigger chaos, shutting down traffic and choking off deliveries of food, gas and other essential resources.

What's needed: Among the most promising solutions are adversarial resilience modeling, which helps avoid foreseeable issues such as weak default passwords, and secure software updates that fix issues as companies detect them.

  • I Am The Cavalry, a global grassroots initiative of cybersecurity researchers, advocates for both approaches in a cyber safety framework that could inform future car designs.

What to watch: The U.S. government has taken only baby steps on AV cybersecurity, but could accelerate its leadership by helping to standardize privacy-preserving “black box” data recorders and updating laws whose requirements may inadvertently deter automakers from adopting more securable technologies.

Beau Woods is a cyber safety innovation fellow at the Atlantic Council's Scowcroft Center for Strategy and Security.

Go deeper

Tech scrambles to derail inauguration threats

Illustration: Sarah Grillo/Axios

Tech companies are sharing more information with law enforcement in a frantic effort to prevent violence around the inauguration, after the government was caught flat-footed by the Capitol siege.

Between the lines: Tech knows it will be held accountable for any further violence that turns out to have been planned online if it doesn't act to stop it.

Dave Lawler, author of World
2 hours ago - World

Uganda's election: Museveni declared winner, Wine claims fraud

Wine rejected the official results of the election. Photo: Sumy Sadruni/AFP via Getty

Yoweri Museveni was declared the winner of a sixth presidential term on Saturday, with official results giving him 59% to 35% for Bobi Wine, the singer-turned-opposition leader.

Why it matters: This announcement was predictable, as the election was neither free nor fair and Museveni had no intention of surrendering power after 35 years. But Wine — who posed a strong challenged to Museveni, particularly in urban areas, and was beaten and arrested during the campaign — has said he will present evidence of fraud. The big question is whether he will mobilize mass resistance in the streets.

Off the Rails

Episode 1: A premeditated lie lit the fire

Photo illustration: Sarah Grillo/Axios. Photo: Chip Somodevilla/Getty Images

Beginning on election night 2020 and continuing through his final days in office, Donald Trump unraveled and dragged America with him, to the point that his followers sacked the U.S. Capitol with two weeks left in his term. Axios takes you inside the collapse of a president with a special series.

Episode 1: Trump’s refusal to believe the election results was premeditated. He had heard about the “red mirage” — the likelihood that early vote counts would tip more Republican than the final tallies — and he decided to exploit it.

"Jared, you call the Murdochs! Jason, you call Sammon and Hemmer!”