Your car is 'Stoned:' Autos join the hacking era

File photo. Front quarter view of the Ram Rebel pickup truck as it is displayed during the second press day of the North American International Auto Show in Detroit, Michigan, January 13, 2015.

File photo. Front quarter view of the Ram Rebel pickup truck as it is displayed during the second press day of the North American International Auto Show in Detroit, Michigan, January 13, 2015.  (REUTERS/Mark Blinch)

Automakers are entering the Stoned era of connected cars.

Back in 1987, the Stoned virus was one of the most destructive and widespread computer viruses yet witnessed. It was spread through floppy discs (remember them?) and announced on screen, “Your computer is now stoned.”

In the decades that followed, innumerable viruses proliferated and, today, there's an endless onslaught of criminal hacking, infecting everything from banks to government systems.

Now the auto industry is facing its Stoned moment, and how it reacts will determine how quickly — or slowly — we get to the autonomous car of the future.

Today's auto version comes from two researchers, Charlie Miller and Chris Valasek, who have been working for a long time trying to figure out how to break into vehicles over the Internet and take over their controls. The researchers say they finally managed it, demonstrating how they could play with a 2014 Jeep Cherokee's windshield wipers, crank its radio, and even bring the car to a halt on a busy highway — all done with just the use of a laptop that was miles away.  The car was “stoned,” behaving like a drunk driver careening down the road.

After several days of media attention — and attention from federal regulators — Fiat Chrysler announced a recall of roughly 1.4 million vehicles, ranging from the Dodge Durango and Ram to the Chrysler 200. Model years extend from 2013 to 2015 in vehicles typically equipped with the Uconnect 8.4-inch touch screen system. Owners or dealers can install a software patch to fix the problem.

Miller and Valasek's hack isn't just a stunt. It proves that vehicles are not nearly as securely designed as they could be and that car companies need to pay more attention to cyber security, from the wireless carriers they use and information that's shared to even the individual chips used in their entertainment and safety systems.

Given the effort and sophistication required to execute the hack, it's not likely that any of the 1.4 million vehicles will be infected. So, in many ways, it's like the early days of the Stoned virus — there's time to prevent such hacks in the future.

Back in late 1980s, there was also no World Wide Web, for example. So the computer virus' severity and infection rate was curtailed by a general lack of connectivity among PC users. In fact, it took several years for the infection to really have an impact.

Similarly, today's connected cars aren't as connected as they will be in the future. Yes, there's the connection to the Internet but that is nothing compared to what is to come when cars could potentially communicate with each other and even to traffic lights and other pieces of the transportation infrastructure. More computer control means safer cars that can automatically brake to avoid an accident, for example, but it also gives hackers a clear entry point.

Sen. Edward Markey (D-MA) and Sen. Richard Blumenthal (D-CT) have proposed new security and privacy standards for cars, but automakers need to act now.

As the Fiat Chrysler recall amply demonstrates, car companies are going to have to beef up their IT departments. Chrysler's site was bogged down, making it difficult to download the software. It's also not easy to install the fix, which means dealers could be overwhelmed. If a serious hack were to occur, car owners could not get patches in time. Over-the-air automatic downloads could help, but those communications systems would need to be hardened against hackers as well.

The other related issue is that automakers are going to have to demand more intimate technical details of processors and other components from suppliers. The assumption will have to be that any chip, even if it's just a DSP for playing music, could be used to hack into the car. 

A diversity of systems helps. The problem with Stoned was that most people were using Microsoft software then, an easy and big target. Today, most car companies use a variety of software and hardware with few standards in place. It means more ground to cover in terms battening down the hatches, but it also makes it more difficult for hackers to find a way in.

A potential threat is the move to standardize by working with Apple's CarPlay and Google's Android Auto. Both of those apps are appearing in cars this year to improve the interface with smartphones, but they could also create a common target for hackers looking to hijack cars.

What about going back to standard transmissions and AM radios?

Unfortunately, having a kill switch that turns off the electronics in a vehicle and puts it in manual mode isn't really practical. Most modern cars are at least in part drive-by-wire systems, with electronic components manipulating components like steering, shifting, and braking. So cutting those components free from the processors that govern them, say, in the middle of a high-speed turn is almost impossible. Besides, would a panicked motorist have the wherewithal to switch to manual before a crash?

The main thing car companies need to do is notify owners the instant there's a fix. Fiat Chrysler did not, for example, immediately inform the 1.4 million owners of its potentially vulnerable vehicles or tell them that they should update their software. The company had ample warning, according to the researchers, and indeed posted a software fix online before the researchers went public. But Dodge and Chrysler owners didn't receive e-mails informing them of the patch.

True, Miller and Valasek went to extraordinary lengths to control the car (it's a build-up to their reveal of more details next month at a hackers’ conference in Las Vegas). However, I monitored the elements the Fiat Chrysler update patch attempts to fix, and it became clear to me that other car makers are vulnerable — whether they want to admit it or not.

So this is the automakers' 1987 moment, and if they don't start vigorously working against such possible hacks, all those potentially safer, computer-controlled driver assist systems may be stymied for years to come.

John R. Quain is a personal tech columnist for Follow him on Twitter @jqontech or find more tech coverage at