JASON HENRY/New York Times
Chris Gerdes, a professor of mechanical engineering at Stanford, next to a car modified with self-driving technology at the Center for Automotive Research. Professor Gerdes says today’s cars "are reaching biological levels of complexity."
Shwetak N. Patel looked over the 2013 Mercedes C300 and saw not a sporty all-wheel-drive sedan but a bundle of technology.
There were the obvious features, like a roadside assistance service that communicates to a satellite. But Patel, a computer science professor at the University of Washington in Seattle, flipped up the hood to show the real brains of the operation: the engine control unit, a computer attached to the side of the motor that governs performance, fuel efficiency and emissions.
To most car owners, this is an impregnable black box. But to Patel, it is the entry point for the modern car tinkerer: the gateway to the code.
"If you look at all the code in this car, " Patel said, "it's easily as much as a smartphone if not more."
New high-end cars are among the most sophisticated machines on the planet, containing 100 million or more lines of code. Compare that with about 60 million lines of code in all of Facebook or 50 million in the Large Hadron Collider.
"Cars these days are reaching biological levels of complexity, " said Chris Gerdes, a professor of mechanical engineering at Stanford University.
The sophistication of new cars brings numerous benefits — forward-collision warning systems and automatic emergency braking are just two examples. But with new technology comes new risks and new opportunities for malevolence.
The unfolding scandal at Volkswagen — in which 11 million vehicles were outfitted with software that gave false emissions results — showed how a carmaker could take advantage of complex systems to flout regulations.
Carmakers and consumers are also at risk. Patel has worked with security researchers who have shown it is possible to disable a car's brakes with an infected MP3 file inserted into a car's CD player. A hacking demonstration by security researchers exposed how vulnerable new Jeep Cherokees can be. A series of software-related recalls has raised safety concerns and cost automakers millions of dollars.
Cars have become "sealed-hood entities with complicated computers and modules, " said Eben Moglen, a Columbia University law professor and technologist. "All of this is deeply nontransparent. And all of this is grounds for cheating of all sorts."
The increasing reliance on code raises questions about how these hybrids of digital and mechanical engineering are being regulated.
One option for making auto software safer is to open it to public scrutiny. While this might sound counterintuitive, some experts say that if automakers were forced to open up their source code, many interested people — including coding experts and academics — could search for bugs and vulnerabilities. Automakers, not surprisingly, have resisted this idea.
"There's no requirement that anyone except the car companies looks at the code, " says Philip Koopman, an associate professor at the department of electrical and computer engineering at Carnegie Mellon University. "Computers can now exert almost complete control over your car. But if that software misbehaves, there's nothing you can do."
FEAR OF HACKING
Andy Greenberg steered a 2014 white Jeep Cherokee down a highway in St. Louis, cruising at 70 mph (113 kmph). Miles away, two local hackers, Charlie Miller and Chris Valasek, sat on a leather couch at Miller's house, laptops open, ready to wreak havoc.
As Greenberg sped along, both hands on the wheel, his ride began to go awry. First, the air-conditioning began blasting. Then an image of the hackers in tracksuits appeared on the digital display screen. Rap music began blaring at full volume, and Greenberg could not adjust the sound. The windshield wipers started, and cleaning fluid sprayed, obstructing his view. Finally, the engine quit.
Greenberg was on a highway with no shoulder. A big rig blew past, blaring its horn.
"I'm going to pull over, " Greenberg said. "'Cause I have PTSD."
The episode was in fact a stunt orchestrated by the hackers and Greenberg, a writer for Wired magazine, to demonstrate the Jeep's very real vulnerabilities. The article appeared on July 21.
Days later, Fiat Chrysler, the maker of Jeep, announced a recall of 1.4 million vehicles to fix the flaws the hackers had identified — the first known recall intended to address a possible hacking threat.
Although automakers say they know of no malicious hacking incidents so far, the risks are real. Stefan Savage, a computer security professor at the University of California, San Diego, said that automakers were "in a state of panic" over the prospect. "They are trying to figure out what to do, quickly, " he said.
While a future of malevolent hackers taking over steering wheels across the world still feels a bit like science fiction, more mundane issues are already turning up. Recalls over software are mounting. In July, Ford said it would recall 432, 000 Focus, C-Max and Escape vehicles because of a software bug that could keep the cars' engines running even after drivers tried to shut them off. Ford dealers will update the software to fix the flaw, the automaker has said.
And last month, Toyota recalled 625, 000 hybrid cars over a software malfunction that could bring the cars to a sudden stop; it recalled 1.9 million Prius hybrid cars last year for a similar problem.
Of course, software isn't always the cause of flaws. One of the deadliest defects discovered in the last few years did not arise in chips or code: It was a mechanical problem with the ignition switch in some General Motors cars.
HIDDEN IN CODE
Software has made cars better. In fact, without software innovations, automakers could not meet tightening emissions standards, said Gerdes, the Stanford professor.
When a new car is stopped at a light, or in gridlock, for example, its engine might rev without prompting from the driver. That might feel like unintended acceleration to the driver, but inside what Gerdes called "the chemical plant" in your car, tightly controlled reactions are taking place.
The internal emissions system has realised that the catalyst is getting cool, and if it gets cool, it won't be as effective at reducing emissions. So the brains of the car command the engine to rev, creating hotter exhaust that keeps the catalyst warm.
And as the Volkswagen case has shown, these complexities create openings for automakers to game the system. Software in many of the German carmaker's diesel engines was rigged to fool emissions tests.
The cars equipped with the manipulated software spewed as much as 40 times the pollution allowed under the US Clean Air Act during normal driving situations.
* Google does not intend to become a carmaker
* Apple car tipped for 2019
Volkswagen executives admitted to officials in the United States that diesel cars sold in the country had been programmed to sense when emissions were being tested and to turn on equipment that reduced them.