Last month, Wired reported that researchers hacked the dashboard entertainment system of a vehicle being driven on public streets. Once they had access, they used that entry point to remotely control vehicle systems through the onboard diagnostics port. The researchers warned that they could have easily hacked hundreds of thousands of vulnerable vehicles traveling the world’s highways.
After this demonstration, digital security researchers at the University of California at San Diego went a step further. They showed that they could take control of a vehicle’s onboard diagnostics port to activate the wipers, engage the brakes and even disable the brakes at low speed. That feat — remotely disabling brakes — causes significant safety concerns.
The federal government has taken notice of this issue. Two United States senators have introduced a bill in the Senate that would require automobile manufacturers to develop standards that secure drivers against vehicle cyber attacks. But that legislation doesn’t address current risk and liability issues that could arise if those security measures fail and a hacked vehicle causes an accident.
Physical injury or damage arising from a vehicle cyber attack is an emerging risk and one for which the law lacks clear answers. “It wasn’t my fault” could soon be a real defense to rear-end collisions when the drivers actually didn’t have control of their vehicles.