You read it here first: “driverjacking.” In 1987 I hacked the controls of an innocent motorist’s white Corvette, remotely forcing the car to brake hard in the left lane of Interstate 75 near Lima, Ohio, on a March afternoon. We were driving a bright red Dodge Conquest two-door coupe behind the Corvette and in the right lane, and with a simple flick of a toggle switch we felt like omnipotent beings reaching down out of the clouds to stop the Corvette and allow our Dodge to pass.
Last July “white hat” hackers Charlie Miller and Chris Valasek staged a demonstration that showed they could do the same thing — using the Internet — to a Jeep Grand Cherokee at speed on a St. Louis highway. That demonstration led to a 1.4-million-vehicle recall by Fiat Chrysler Automobiles to fix software.
I’ve known the heady power Miller and Valasek felt: It’s exactly as if our fingers were attached to the Corvette’s brakes.
Today, as our computer-controlled cars join networks, they become vulnerable to attack from hackers and viruses, and most experts believe the problem will never be solved completely. Instead, the trend is for carmakers to update and fix bugs in vehicle electronics via the cloud, using quick fixes to minimize the impact and duration of computer software failures and security hacks.
Here’s how our Corvette hack worked in 1987: Interstate highway travel back then was efficient and had more cars than commercial trucks. With relatively low fuel prices and high air fares, it served an enormous number of Americans who needed to travel long distances. Ohio in the 1980s was openly proud of its gestapo-like speed enforcement tactics, created to ensure it received more than just its share of federal highway funds.
Although the well-known Solomon Curve study and the Tignor and Warren report from the National Highway Traffic Safety Administration have shown that artificially slow speed limits cause more accidents and deaths than speed limits that are set scientifically, Ohio took to punishing drivers with particular zeal. Among those of us who regularly crossed the Buckeye state in the best-performing cars of the era, there were rules. No. 1: “Never crest a hill in Ohio in the left lane.” That’s because arrays of microwave radiation from high-powered old-school radar speed guns were aimed indiscriminately at every car in the fast lane.
Predictably, high-revenue speed enforcement tactics led to dangerous driver behavior. Normal folks driving in the left lanes of highways would brake dangerously at the crests of hills to avoid tickets. Cars following these folks would then swerve or brake, and the whole interstate would jam up worse than flushing a cantaloupe down a toilet. This Ohio dragnet was a kind of beginning cloud network.
We were on our way back from the Grand Prix of Miami that year (won by Nissan, incidentally. Interstate traffic was less dense for the 1,300-mile journey than it is now, and many drivers used a radar detector to warn of upcoming police radar traps. Owning a radar detector was Rule No. 2 in Ohio.
For this trip, we had equipped our Dodge Conquest with a prototype radar jammer to test: It would take a signal from a modified Escort radar detector and transmit a powerful blast of microwaves, thus temporarily jamming the police radar guns while unfortunately setting off every radar detector within a few miles. The jammer was created by Steve Fong, an electronics engineer in Minnesota who sold enough of them for that state to create the “Fong Law” to outlaw their use, a law copied by a number of other states.
Driving on the Interstate highways back then was like hooking your heart up to a defibrillator — any time a radar detector’s alarm went off, the driver would go into virtual shock as he automatically slammed on the brake pedal to avoid a ticket. The particular detector-equipped Corvette that March was pacing our Dodge Conquest for a couple hundred miles at safe speeds, often pulling alongside in traffic and preventing us from smoothly merging as the herds of cars we were trapped among made their ways north on I-75. Often, this behavior became annoying. And that’s when we would blast the Corvette with enough radar wattage from the jammer that the driver thought a revenue-hungry Ohio trooper was hiding somewhere, ready to pounce on the Corvette driver’s Visa card. Whenever we hit the jammer switch, the Corvette driver would slam on his brakes, and we would be clear to pull ahead to pass the herd.
Soon new cars will all be attached to a network, under the guise of making them safer with forward-collision avoidance systems and autonomous operations. But as our cars become connected to an outside network vulnerable to hacking, so will drivers. I’ll explain: Once autonomous and semi-autonomous cars are connected to a network, drivers will struggle to find better workarounds and third-party hacks so they’re not stuck in herds of network-induced traffic jams like we were in Ohio in 1987.
Drivers will be forced to develop their own hacks to avoid and minimize insurance industry-developed fines and fees that will undoubtedly follow the autonomous car networks. These wallet-squeezing traps are called Usage Based Insurance, and they prey on network-connected cars. These will spawn hacks invisible to carmakers’ security systems. To get around future congested herds of autonomous car travelers and bug-riddled networks, we’ll be using smartphone apps connected to our own fee-avoidance rogue networks, the equivalent of radar detectors of the future. That’s exactly how the navigation app Waze — top-rated by USA Today, and purchased by Google in 2013 for $1.1 billion — started life in 2008.
So I’m calling the hacking of impending future Waze-like driver-friendly apps “Driverjacking.” That’s twice you read it here.