GM Took 5 Years To Fix 2009 Impala Cyber Glitch

Wired Magazine made national headlines recently as they published their would-be expose about how a 2014 Jeep Cherokee was susceptible to hackers. FCA immediately issued a reactionary recall. However, GM had a similar situation occur back in 2009, except it took them five years to fix it.

General Motors as well as the NHTSA reportedly knew about the hackability of their 2009 Chevy Impala and took five years to fix the issue. This report comes from Wired Magazine, which was behind the expose of the 2014 Jeep Cherokee. The vehicle was hacked at the hands of two cyber security professionals. They’ve since released a report about the 2009 Impala hack.

As the story goes, back in 2010 researchers from the University of Washington and University of California-San Diego found security defects in a 2009 Chevy Impala. They were able to hack into the vehicle OnStar system and have in their words full control over the vehicle apart from the steering. Karl Koscher, one of the researchers from the University of Washington who worked on the Chevy Impala hack told Wired, “We basically had complete control of the car except the steering.” Koscher added, “Certainly it would have been better if it had been patched sooner.”

However, Koscher’s comment that the vulnerability should have been fixed sooner isn’t meant to represent a negative opinion of automakers. Instead, Koscher and the researchers suggested in the Wired piece that automakers were and for the most part still are incapable of fixing complex software problems as quickly as consumers are used to.

Stefan Savage, a UCSD professor who contributed to the research told Wired that the auto industry is behind others when it comes to patching and repairing software issues. In an interview, Savage explained, “It’s kind of sad that the whole industry was not in a place to deal with this at the time, and that today, five years later, there still isn’t a universal incident response and update system that exists. They just didn’t have the capabilities we take for granted in the desktop and server world.” Savage added that publishing vulnerability reports to the public and media puts pressure on automakers to fix bugs and become more prepared for the next threat.

When Wired or other news outlets publish stories about vehicle hacking, do you have consumers ask you about this topic? Can your sales people be sure when they tell consumers their new vehicle will be safe from hackers? Finally, what depth of vehicle knowledge do you demand from your sales staff?