A certain car company (that will not be named for no reason at all) that produces electric cars and related software ecosystem with service revenues including e.g., vehicle service, insurance, and software updates, have recently been hacked.

Last month (Sept 2021) the car company released a software package which enables the company’s cars to autonomously drive themselves. However, only certain customers of the car company’s car owners were granted some limited test access to the beta version of the software. To be granted a test access to this (apparently) long-awaited feature customers had to be in the USA and willing to pay up to $10 000 for the trail version of the software that enables their car to be run in an autonomous mode. According to the car company, the reason for only allowing customers in the USA were that the artificial intelligence powering the system, had been trained on US roads with US road signs and traffic only.

How did it go? Well, that is another story. There is plenty of videos on the Internet showing enthusiasts in the USA utilizing the software upgrade to their cars.

This story though, has more of a cybersecurity related perspective. Because what has happened to the fortune car company was (surprisingly?) that their long-developed beta version software release was hacked and leaked by a hacker community allowing customers to the car company outside the USA eligible for the software.

One of the car company’s car owners in the Ukraine has recently been posted a video of his car running the beta software released in his vehicle as he drives through the streets of Kiev.

From the video one might say that even though the car encounters some issues due to the difference in roads, it performs remarkably well. Although, that conclusion was reached from a very short period of test-time, i.e., the length of this video, it coincides with the conclusion reached by the car company, and that is probably the reason to why the software never was released as opensource.

Regarding the heading of this newsletter: there seems to be an urge for autonomous features by the car company’s car owners, and maybe, there is an equal urge from most vehicle owners, despite the brand of their vehicle. For example, there is also George Hotz at Comma.ai.

Additionally, the autonomous vehicle communities (and some car companies included) are also constantly boosting the urge for autonomous features by promoting self-driving vehicles to be our fantastic future. But, as we still are in the phase of development, software releases regarding self-driving features should be released with some consideration. Not saying that this particular beta software release wasn’t considered, but the path towards fully autonomous vehicles is long and not always straight and should therefore not be raced through with the pace of fast and loose. Hence the Peter Parker principle is mentioned in the heading.

Important though, the biggest concern here is of course that the car company were hacked, and not that the cars outside the USA could utilize the software. Which is really just a shift of focus, masquerading the actual cybersecurity breach at the car company.

Written by Joakim Rosell