Now that we live in a world where nearly every inanimate object is a computer of some kind and is interconnected with a nearly limitless number of other devices, safety and security are becoming as important for tangible things as most people already consider them to be for digital devices. IT experts are also becoming increasingly concerned about the way companies fix hacks when they are discovered.
Six weeks ago, hackers found vulnerabilities in a 2014 Jeep Cherokee that allowed them to remotely control its transmission and brakes. Chrysler responded by creating a patch to fix the epic exploit. However, the company distributed the patch by sending more than one million USB thumb drives to drivers through the postal mail.
Security professionals have long warned never to plug USB sticks received in the mail into any device, because it’s far too easy for someone to send out malicious software that way as part of a malware campaign. Beyond that, the method opens up the obvious possibility that someone who has moved or is tech-averse will fail to update their car and end up in potentially life-threatening peril as a result of Chrysler’s new DIY approach to recalls.
A major reason for this rollout is that these cars could not be updated wirelessly by any sort of push messaging sent from Chrysler. Cars from Tesla, for example, routinely get service updates automatically and wirelessly. However, that raises questions about the level of encryption and security sophistication Tesla or others will use to prevent third parties from tampering with cars. In some cases the motive may be greed, such as thieves unlocking the doors from a mobile app; in others it may be malicious, such as disabling the brakes, or any other reason a crackpot might come up with to alter the way your car is intended to function.
The key lesson here is that any company creating a product or service for the modern world needs to think ahead and plan a safe, secure and fool-proof method of updating that product if or when it needs to be corrected in some way. The federal FDA recently launched a new set of UDI Compliance regulations that will cost the medical industry millions of dollars, for the sake of better controlling, tracking and monitoring medical devices when recalls or other alterations are needed. Companies like www.UDIcompliancesolutions.com specialize in handling those extensive filing requirements, and this sort of misstep by Chrysler may soon lead to a similar set of mandates from the state-operated Department of Motor Vehicles.
These days it’s not good enough to make a great product or to fix one that has a security flaw. Companies are now expected to fix hacks immediately, securely and seamlessly, without opening up any new opportunities for the hackers and griefers that continue to challenge the pace of progress.