Get Caught Hacking a Car and You Could Get Life in Prison, Thanks to Proposed Bill
Car hacking is scary stuff. After a Wired writer allowed two hackers to remotely take over his Jeep Cherokee in 2015, Chrysler issued a recall for 1.4 million cars that could be hacked by the same exploit. Stunts like these have lawmakers and car companies nervous.
All things are hackable. To fend off attackers looking for security vulnerabilities in vehicles, two senators in Michigan have issued bills with heavy sentencing criteria.
The two new bills could, if passed, put car hackers in prison for life. Senate bills 928 and 927 both call for life sentences if a person gains unauthorized electronic access to a car in an effort to either control that vehicle or steal its data.
Hacking a car's system and taking control of a vehicle remotely could be considered the digital equivalent of joyriding; the hacker doesn't necessarily intend to actually steal the vehicle. But analog joyriding has a far less severe punishment. Taking a car and driving it around for a bit will land convicted Michiganders no more than two years in prison and a maximum $1,500 penalty. Taking someone else's car without their consent and driving it away could get a person five years in prison, according to Michigan law. Stealing a car, its parts or an item within it, or otherwise damaging a vehicle can result in a maximum sentence of 10 years in prison or a fine of $15,000.
None of these scenarios will give a person life in prison — a seemingly excessive charge.
That said, it's obviously dangerous to take control of a vehicle while another person is driving it, which could lead to injury, if not death. Those are the scenarios that Sens. Mike Kowall and Ken Horn want to avoid.
While such harsh sentencing could keep hackers from hacking, it might deter both good and bad hackers. So-called "white hat" hackers could be less inclined to seek out potential exploits and report them to car companies if they're worried about getting charged with life in prison. That could mean manufacturers won't find out about a vulnerability until it's being carried out by advanced hackers — the kind that don't get caught.
"Some of these people are pretty clever," Kowall told Crain's Detroit Business. "As opposed to waiting for something bad to happen, we're going to be proactive on this and try to keep up with technology."
While trying to deter bad actors, the bills may actually stop good hackers from researching these vulnerabilities in an effort to get them patched.