Thoughts on the Chrysler hack

As everyone seems to have heard, Charlie Miller and Chris Valasek recently demo'd their remote vehicle hack on a Jeep Cherokee (Link) and will be presenting their work at this year's Blackhat and Defcon. Under pressure from the government, Chrysler is also recalling all 1.4 million affected vehicles in what is the industry's first cybersecurity recall. This is likely a good thing for now since it will signal to automakers that they need to invest in a better software update mechanism, rather than telling customers to manually update with a USB drive - something that 90% of people won't do. However, the auto industry faces significant challenges for implementing this. For the most part, automotive OEMs don't actually own the source code for many of the components in the vehicle. Chrysler almost certainly has no access to the source code in the vulnerable infotainment unit that Charlie and Chris exploited. This is a huge issue for the industry since it's ultimately up to the supplier of the component to fix the issue.

And unfortunately for Chrysler, they are getting a lot of bad PR over the hack, which is probably unwarranted since it's definitely an industry-wide problem. It could have just as easily happened to Ford, GM, or any other car manufacturer if Charlie and Chris had opted to target one of their vehicles instead.