Thursday, July 23, 2015

When did my car become a hackable computer?


With the host of recent news media accounts of sophisticated hacks on all manner of cars, there is a sense of shock and surprise.

“Are you suggesting that my Jeep can start, stop and turn without me doing anything? Wow! When did this happen?”

Well, actually this shift has been in motion for a while. We just haven’t paid any attention to it and it exposes a reality that is worth exploring.

However, to understand this, we first have to understand that computers operate on code. Code is written by human beings in lines, just as this blog is written in lines. The computer then consumes those Lines of Code, which tell it what actions to perform.

Now, let’s look at a timeline:
  • Apollo 11 in 1969 had approximately 145,000 Lines of Code in the so-called Apollo Guidance Computer (AGC). That computer enabled astronauts to go to the moon and come back safely. Even so, Neil Armstrong and Buzz Aldrin overrode their Lunar Module computer when it almost landed them in a crater! But in terms of power, it was more basic than the electronics in modern toasters that have computer-controlled stop/start/defrost buttons. The AGC had approximately 64 Kbyte of memory and operated at a paltry 0.043 MHz.
  • The space shuttle's General Purpose Computer (GPC) was originally designed in January 1972. NASA chose state-of-the-art flight computers from that era, and the GPC had approx. 400,000 Lines of Code. It was upgraded many times and the Lines of Code went up with every upgrade.
  • Microsoft Office has approx. 45,000,000 Lines of Code! A quantum leap in complexity. Microsoft regularly patches and attempts to fix this code. Not always successfully.
  • CERN’s Large Hadron Collider that recently found the elusive Higgs Boson had approx. 50,000,000 Lines of Code before the most recent upgrade to find even smaller quantum particles.
  • A modern automobile, by comparison, has approx. 100,000,000 Lines of Code! Whoa, wait a minute – my car has twice as many Lines of Code as the Hadron Collider? Yes. Depending on your car, it could have even more than that.

Why are these Lines of Code important?

According to a Carnegie Mellon report, there are 20-30 bugs per 1 to 1.5 million Lines of Code. Do the math. When you have millions of Lines of Code, there are more mistakes and hence more bugs. Bugs make the code more vulnerable – more hackable!

The idea that software – even from the biggest companies like Chrysler, Toyota, Google, Microsoft, etc. – comes with NO bugs is an illusion. Some companies have understood that reality and are attempting to get ahead of this threat. These companies are no longer in denial. They include software giant Google, which routinely pays hackers millions of dollars for telling them of bugs in their software. More companies are getting in on this crowd-sourcing model for exposing vulnerabilities in their software. Tesla, the electric car maker, is already upgrading and updating their cars wirelessly over the internet. But for all those that are attempting to correct the code, many more have very poor security practices in the writing of that code and shabby quality control. An entire cadre of attorneys is salivating at the prospect of suing all these companies for the pain they will be causing in the future.

United Airlines recently offered and then paid two hackers one million frequent flier miles each for spotting issues with their software. One million miles is the equivalent of 33 round trips from USA to Europe!

Daimler-Chrysler, BMW and Audi are buying Nokia maps for $2.7 billion. Dieter Zetsche, chief executive of Daimler, said a desire to have better control over data security was one of the reasons Mercedes was bidding for Nokia's high-definition mapping business. Dieter wants the Mercedes to steer where the driver intends the car to go, and in the new and fast-approaching era of driverless cars this will be even more important. By the way, the number of Lines of Code in driverless cars is expected to grow exponentially, as will the bugs.

Computers run Lines of Code. Code is not perfect. And whereas imperfect code in your laptop may not kill you (although that may not be as simplistic as that statement suggests), the computer you drive and call a car certainly can.