If you are an IT security researcher or a hacker and living in the Michigan State you may consider to move somewhere else or quit researching on cars — Newly proposed law may put you in the prison for life.
The Michigan Senate has introduced new laws which could see anyone who hacks into a car’s electronic system, or does any actions which might be viewed as an exploitation of the internal bugs of the car. The new legislation shows that if one is found guilty, they can then find themselves going to prison for life as stated. This is if the new law is put into place in one of the home states for the auto industry.
Another of the bills that the Senate is proposing for the state include changing the penal code for hacking which would make hacking a car a life sentence offense. The second proposal is for the Senate Bill 928. This will be the first life sentence violation because no other violation listed in the state’s anti-hacking law carries such an excessive sentence.
The law may help reduce cybercrime but it also stops white hat hackers from finding critical security flaws in a vechile
The Republican-led Michigan Senate is trying to increase the rules and regulations pertaining to the state’s emerging connected and autonomous vehicle industry. The idea is a good to tackle cybercrime, but in the end, it will deter well-meaning security researchers and white hat hackers from working on systems and trying to find flaws in the system.
“A person shall not intentionally access or cause access to be made to an electronic system of a motor vehicle to willfully destroy, damage, impair, alter, or gain unauthorized control of the motor vehicle.’’
The Senate Majority leader, Mike Kowall, who is also the prime sponsor of the bill told reporters that they had made the penalty of committing the offense a big penalty because of the stakes that were involved in car hacking, which was mostly the risks it posed to physical safety. The fact that hackers could take control of the braking system, steering and the vehicle’s transmission made the offense a big one. The issue itself of car hackers taking hold of the vital functionalities is not farfetched. Just recently the FBI in conjunction with the US National Highway Traffic Safety Administration gave a warning to drivers to practice caution with their cars in light of new hacking methods and maneuvers available.
Just last summer, two security researchers Charlie Miller and Chris Vaselak showed how they could remotely hack a Jeep via the car’s entertainment system. The hackers also demonstrated how easy it is to hack into Police Department Vehicles in the United States. In a posted video they showed how they could turn off the car’s engine and managed to steer the vehicle off the road. 1.4 million Fiat-Chryslers were apparently affected by the security flaw the researchers found and they had to be recalled for a security patch. These auto manufacturers are not the only ones to have been found with flaws in their car operating systems, as Tesla was just seen to have software vulnerabilities, and multiple car manufacturers were exposed to have holes in their remote starter apps for their cars. The keyless entry system has also been tricked into unlocking cars in many of the scenarios.
Hackers who qualify for the life imprisonment sentence are only those who have been convicted of three felonies before. Michigan Senator Mike Kowall said he had wanted to pass the law so as to stop any future potential bad things that would happen instead of waiting until something bad eventually happened. But the legislation is being criticized for its wording which suggests that a user might not be allowed to hack their own car. Security researchers who participate in the bug bounty hunting system might now also face this legislation. There has been a long history of security researchers being sent to prison. Russian programmer, Dmitry Skylarov, was arrested by the FBI during a security conference in Las Vegas, where he was giving a report on decrypting Adobe ebook files. Luckily for him, Adobe eventually dropped all charges against him. Skylarov was the first person to be jailed under the Digital Millennium Copyright Act (DMCA).
The new law suggests that car manufacturers will be able to find bugs all on their own. This is something impractical because the over reliance on modern cars on internal computer systems makes the car complicated even for the manufacturer themselves to track it. Many of the giant tech companies in Silicon Valley and even some of the vehicle manufacturers themselves host bug bounty programs which encourage hackers to come and look for flaws in the company’s systems thus allowing them to find any bugs with their systems. The program implies that the best people to stop hacking are hackers themselves.