WHEN SECURITY RESEARCHERS Charlie Miller and Chris Valasek remotely hacked the Jeep I was driving last summer, video footage of their demonstration aired on every major TV news network. Jeep immediatelyrecalled 1.4 million vehicles, and Congress even followed up by introducing abill seeking to regulate automotive cybersecurity. None of that, it seems, was enough to make a lasting impression on the overburdened mind of the average American driver.
At the RSA security conference last week, automotive consumer research firm Kelley’s Blue Book released the results of a survey on car hacking that revealed just how short Americans’ attention spans seem to be when it comes to the security of their cars and trucks: Only one in four respondents to the survey could remember an incidence of car hacking occurring in the last year. That’s a dramatic drop from just a few months earlier, when a survey by the same firm performed just days after WIRED’s car hacking exposé in July found that 72 percent of goldfish—er, consumers—were aware of the Jeep hack when asked about it specifically.
That bizarrely steep drop in awareness is a troubling finding: Though Miller and Valasek’s research resulted in a formal recall and a software update to both the vulnerable vehicles and the Sprint network used to attack them, they had also aimed to raise public pressure on carmakers to secure their vehicles from digital attacks. “If consumers don’t realize this is an issue, they should, and they should start complaining to carmakers,” Miller told me at the time. “This might be the kind of software bug most likely to kill someone.”
But American drivers may be overwhelmed with the unending string of automotive industry scandals of the last few years, says Kelley’s Blue Book analyst Karl Brauer. “There’s definitely what we call ‘recall fatigue,’” says Brauer. He points to the Takata airbag recall, Toyota’s unintended acceleration issue, and Volkswagen’s emissions-cheating scandal, all of which have vied for the American driver’s attention. “There are so many headlines relating to automobiles that it creates a river of negative car information,” he adds. “It leads to a certain amount of purposeful apathy and ignorance of the circumstances.”
Of the 26 percent of respondents who did remember a recent vehicle hack, only 31 percent remembered it being a Jeep, with 21 percent attributing the incident to a Honda and 18 percent remembering the victim vehicle to be a BMW. (The only incident that might vaguely explain either of those responses seems to be hacker Samy Kamkar’s discovery that his remote vehicle unlocking tool OwnStar also worked on BMW vehicles.)
Respondents also downplayed the threat car hacking represented. On a list of 10 possible vehicle-related risks ranging from road rage to drunk driving, car hacking rated second to last, just above carjacking, with distracted driving named as the biggest risk.
But the same respondents seemed more concerned about the cybersecurity of the next automobile they own. About 63 percent of them said the threat of cybersecurity vulnerabilities would have some impact on their next vehicle purchase, and a total of 31 percent said it would have either a “moderate” or “huge” impact.
On that point, car hackers Miller and Valasek agree. They say their demonstration was largely meant to prevent a future problem, not scare drivers with a present-day one. “One of the reasons Chris and I are working on this problem now is to raise attention and get car companies working on securing vehicles now, rather than wait for a real problem to occur,” Miller wrote in a note to WIRED. “I’m not worried about my car being hacked today…but I am worried that car companies aren’t taking this issue seriously when designing cars for five years down the road.”