Over time, as car manufacturers created remote access to vehicles, they started to create vulnerable code. At the time, they didn’t see it as vulnerable, but the recent video of the remotely hacked Jeep Cherokee woke many people to the reality that cars can be hacked without the need for physical access, said Josh Corman (@joshcorman), founder of I Am the Cavalry, in our conversation at Security BSides Las Vegas.
“A lot of these cars were built before they were aware that this was a realistic issue. That’s a sunk cost. Those cars are deployed. They’re in the field and they’re vulnerable,” said Corman.
Instead of pointing out past failures, Corman’s group is trying to help car companies make better future choices.
We’re in a weird situation where we have many cars on the road that are vulnerable, but cannot be patched.
This is not just an issue of security, but also of the American economy, as the car industry has a significant percentage of national GDP. Any significant scare that could impact growth, could potentially have devastating effects on our economy, said Corman.