Hackers Are Salivating Over Electric Cars

The Atlantic

www.theatlantic.com › technology › archive › 2023 › 09 › electric-car-hacking-digital-features-cyberattacks › 675284

When a group of German hackers breached a Tesla, they weren’t out to remotely seize control of the car. They weren’t trying to access the owner’s WiFi passwords, nor did they want a way to steal credit-card numbers from a local electric-vehicle charging network.

Their target was its heated seats.

The Tesla in question was equipped with heated rear seats, but the feature is hidden behind a paywall and activated only after the driver forks over $300. To get around that, three Ph.D. students from Technische Universität Berlin, along with an independent researcher (and the Tesla’s owner), say they physically tampered with the voltage supply that powers the car’s infotainment system. This allowed them to essentially glitch the computer, in the process gaining access to the rear heated seats free of charge. By “jailbreaking” the car, they were also able to access many of its internal systems and private user data. “We are not the evil outsider, but we’re actually the insider, we own the car,” one of the researchers told TechCrunch last month ahead of a cybersecurity conference where they presented their findings. “And we don’t want to pay these $300 for the rear-heated seats.”

As part of the move toward electric cars, most automakers are copying Silicon Valley’s playbook and making drivers pay monthly or yearly fees to unlock new features. Sometimes those features are fairly basic, like a remote starter; in other cases they’re more advanced, like autonomous parking assistance. Accessing them typically requires just a few taps on a car’s touchscreen or its related smartphone app, the same way you might subscribe to anything else online. It’s part of why the new generation of cars is often described as “smartphones on wheels”: Cars now offer various downloadable apps, automated driver assistance, and even integration with platforms such as Spotify and TikTok. But more digital features that connect your car to the internet provide openings for data theft, tampering, and other cybersecurity risks that simply have not existed on the roads until now.

Car hacking may call to mind action-movie-like scenes of millions of Teslas being remotely seized by terrorist groups and commanded to drive into hospitals. That’s thankfully far-fetched. The bigger risk is to personal and financial information related to various digital add-ons and connected features, which are essentially unavoidable with modern EVs—as is the requirement that you pay for them over time. Mercedes-Benz will unlock more horsepower for up to $90 a month, BMW lets its cars’ safety cameras record 40-second snapshots of video for $39 a year, and Ford’s BlueCruise hands-off driver-assist feature is now $75 a month. Many major automakers have big plans for this approach, if they don’t already offer them: Ford just made a big executive hire from Apple to grow future subscription revenue, while General Motors plans to offer more than 50 such features by 2026. And rather than conveniently listing these costs online, some automakers have you find out via the car’s infotainment system itself.

Understandably, these moves have not gone over well with the car-buying public. A BMW plan to charge $18 a month for heated seats (it’s always heated seats, somehow) in countries including the United Kingdom and Korea proved so unpopular that BMW just announced it will be dropping the idea entirely. The company still plans to offer subscriptions for software such as automated parking help, and Jay Hanson, a BMW spokesperson, told me that such subscriptions offer drivers a level of flexibility they’ve never had before. “A customer may choose to add a feature that was not specified when the vehicle was originally ordered,” he said, “or experiment with a feature by purchasing a short-term trial before committing to a purchase.”

There is another explanation for the pivot to subscriptions. Although subscription features aren’t exclusive to electric cars, they are inextricably tied to the EV revolution. Developing and building EV batteries is staggeringly expensive—less a “shift” and more a total reinvention of the industry costing hundreds of billions of dollars. And because EVs generally have far fewer mechanical components than gas cars, they require very little maintenance, meaning that car makers, suppliers, and dealers are poised to lose a significant amount of revenue made from selling parts for repairs. One Hyundai executive told me earlier this year that the company wants 30 percent of future profits to come from software, downloadable features, in-car entertainment, and other subscription features.

Nature finds a way, and so do hackers. Putting these features behind a paywall could encourage tampering from owners looking to get stuff for free, just as some smartphone owners jailbreak their devices. One of the German Tesla hackers, Christian Werling, told me in an email that he anticipates a rise in tactics like the ones they used. “I would be surprised if [other Tesla owners] didn’t adapt similar techniques to ours,” he said. Tesla did not respond to a request for comment, though Werling said that the team shared its data with Tesla, as is the norm for benevolent “white hat” hackers. “They did respond to our findings and were grateful for the heads-up,” he said.

But surely most EV owners aren’t going to bother jailbreaking their $50,000-plus car, even if they have the technical expertise to do so. The bigger threat, experts told me, is remote software hacks from malicious actors. Each time a car gets a new touchscreen app or subscription feature, it provides a potential way in for hackers who are after your credit-card information, personal data, and more. Let’s say you pay your car company $20 a month for something like those much-maligned heated seats, and this includes the ability to remotely warm them up on cold days through a smartphone app. An intrepid hacker could use various tools or techniques to find a security vulnerability in that app and remotely log in. From there, they might be able to access the credit card you use to pay for those heated seats, or tamper with other functions on your car that are tied to the smartphone app. They might discover ways in from forums such as Reddit, the deep web, or even publicly available databases, and then try something that worked on one car with another brand. Or they might launch a distributed denial-of-service attack on one of the communication systems these digital car features depend on.

The potential risks are amplified because of the countless third-party companies that automakers rely on for hardware and software alike. The German researchers were able to jailbreak their Tesla because of a vulnerability in the processor that powers the car’s touchscreen, made by the company AMD. (The company did not respond to a request for comment.) Last year, the cybersecurity researcher Sam Curry and his cohorts found a way to unlock, start, and honk the horn of scores of Nissan, Honda, Infiniti, and Acura vehicles because they all used a common provider of internet-connected features, SiriusXM Connected Vehicle Services. Cars may especially be a target of hacks because of the massive amounts of personal and location data that they now collect. “Cars are the worst product category we have ever reviewed for privacy,” a recent report from the nonprofit Mozilla Foundation concluded. Depending on what exactly gets breached, a car hacker could see where your home or office is or where you go to spend your money, or even have a window into much more personal matters, such as whether you drove to an abortion clinic.

This is not to say that car hacking is now a daily fact of life with EV ownership. An Israeli cybersecurity and data-management company called Upstream, which monitors millions of cars across the world, reported that of 1,173 publicly reported car cyberattacks they examined since 2010, almost 23 percent happened in 2022, tracking with the rise of connected features in cars. Exactly how big of a problem this might become remains unclear, though Vyas Sekar, a Carnegie Mellon professor who has studied car cyberattacks, told me a major concern is that the connectedness of modern cars also increases the “scalability” of threats. “If the attacker finds a weakness,” he said, “they can compromise a large number of connected cars simultaneously without much cost or effort.” Last year, a 19-year-old discovered a vulnerability in a popular third-party program that lets Tesla owners access their data, allowing him access to dozens of Teslas worldwide. He was able to control the cars’ windows, doors, and horn, and even obtain the owners’ email addresses.

The threat of cyberattacks is not new for tech companies; it’s part of why your phone is always bugging you to upgrade its operating system. But now an industry that spent a century building gasoline engines has to be in the cybersecurity business too, and it’s not necessarily going well. Upstream’s VP of data, Shachar Azriel, told me that auto companies can take months to respond to vulnerabilities. “I worry the industry isn’t agile enough,” he said. “These companies don’t know how to move fast here.” I reached out to several car companies—including Tesla, Ford, Toyota, and BMW—to ask about their cybersecurity operations, and only BMW and Toyota would comment on the record. Even then, the carmakers shied away from specifics. Hanson, the BMW spokesperson, said the German automaker has an automotive-security division that works to prevent both hacking and jailbreaking. “This division uses all available, state-of-the-art measures to ensure our digital products are guarded from external threats in the best possible way,” he said.

For individual drivers, security likely means making sure that your car’s software is up-to-date just as you would with your phone, or even being judicious about where and how you dole out credit-card information—something that doesn’t bode well for the multitude of apps required for EV charging. But most of us still think of our cars in terms of filling up gas, oil changes, and rotating tires, not data privacy. If the auto industry wants drivers to see cars as “smartphones on wheels”—and pay the same way—it’s got to be prepared for the worst. That, or we learn to just skip the heated seats.

Beware the False Prophets of War

The Atlantic

www.theatlantic.com › ideas › archive › 2023 › 09 › false-prophets-iraq-afghanistan-ukraine-war › 675279

Prognosticating about war is always a chancy business. Even the most arrogant pundit or politician soon learns to slip a qualifying “You never can tell” into their predictions. But making all allowance for that, it is striking just how bad Western governments, commentators, and leaders have been over the past few decades at gauging not only what course wars might take but how they have gone as they have unfolded.

In 1990, many respectable analysts and journalists predicted a bloodbath followed by a quagmire in the Kuwaiti and Iraqi deserts as battle-hardened Iraqi troops faced their outnumbered and supposedly softer American counterparts. The Gulf War, however, ended up being a swift conflict in which friendly fire and accidents did as much damage to the U.S. Army as hostile fire. The Iraqis were outgunned, outmaneuvered, out-led, and—as we later learned—actually outnumbered by the forces ranged against them.

American and European planners similarly overestimated their opponents in the Balkans in the 1990s. Historically misinformed references to the numbers of German divisions pinned down by Tito’s partisans during World War II had defense planners and commentators convinced that although the U.S. had won a smashing victory with ease against Iraq, intervening in Bosnia would be a much tougher fight. It wasn’t.

Misestimates in both directions have continued ever since. For four years after the start of the Iraq War in 2003, the U.S. flailed about, convincing itself that it was merely fighting a declining number of “former regime elements” and “bitter-enders” waging irregular warfare, who could be disposed of by the shaky new Iraqi army. It took a more realistic view—and the war’s best commander, General David Petraeus—to turn around both assessment and strategy.

If overoptimism had bedeviled the U.S. government in Iraq before 2007, and in Afghanistan as well, persistent and equally ungrounded pessimism about the possibilities of reversing the situation pervaded Congress. In fact, a freshman senator from Illinois and a senior senator from Delaware, both of whom would become president, were convinced that the Iraq War was hopeless just as Petraeus and his five new brigades turned it around. Back to overoptimism again: American administrations misjudged the pace and extent of the Taliban’s war against our Afghan allies in the early 2000s; in 2021, they were stunned by the collapse of the Afghan regime once we had announced our final withdrawal. They had been equally surprised by the re-eruption of the Islamic State after a similar, if lesser, withdrawal from Iraq a decade earlier.

Prominent analysts of the Russian military confidently projected a Russian blitzkrieg against Ukraine in February 2022. Yet well before the full weight of Western aid could be felt in Ukraine, the invader was shown to be far less competent, and the defenders far more effective, than anyone had anticipated. A similar pattern is occurring now, as anonymous military leakers and supposed experts say that the Ukrainian counteroffensive is a failure because fighters are not maneuvering in the manner of George S. Patton and the Third Army in the breakout from the Normandy beachheads in 1944.

How and why has this happened? Failing to project the actual course of a war is, after all, a phenomenon on both the right and the left of the political spectrum, and quite as common among serving officers and intelligence officials as among journalists and commentators.

To some extent, the explanations vary with the cases. The Iraq and Afghanistan misjudgments reflected in part the difficulty of overcoming the military’s self-imposed amnesia about counterinsurgency after Vietnam. The “We will never do that again” sentiment led the U.S. Army in particular to stop thinking about counterinsurgency. When I led a study for the Defense Policy Board on the subject in 2004, I discovered that the counterinsurgency manuals still on hand were of Vietnam vintage, presuming an opposing army of Communist-indoctrinated peasants in straw hats and black pajamas.

The Ukraine misjudgments came from different sources: narrow focus on numbers of weapons and pieces of kit, confusion of military doctrine with actual ability to execute it, and the enduring American suspicion that if you are allied with the United States, you are probably corrupt, incompetent, and cowardly. That was unfair with regard to the Vietnamese, Afghans, and Iraqis, who were in some measure each set up to fail, but it was grossly wrong with regard to Ukraine. And with an analytic subculture built around a certain reverence for the Russian bear, some had difficulty accepting that the bruin was rheumatic, myopic, mangy, and had mangled claws.

Very few people study war. In the past three or four decades, universities have been filled with courses on “security studies,” which means, in practice, things such as arms control, deterrence theory, and bargaining under threat. That is where today’s journalists, scholars, and officials were educated. Universities that once had eminent military historians—a Mac Coffman at the University of Wisconsin, a Gunther Rothenberg at Purdue, a Gordon Craig at Stanford, a Theodore Ropp at Duke—saw them replaced by respectable scholars who were less directly concerned (or not engaged at all) with what happens when nations summon up armies, fleets, and air armadas to make the final argument of kings.

For civilians, the end of the draft meant the vanishing of a gritty familiarity with what makes militaries work, and, just as important, with their numerous stupidities and inefficiencies. As military experience dried up in the political, scholarly, and journalistic worlds, professional officers operated exclusively in an environment in which, however grueling and lethal the forever wars might seem, the United States always had overwhelming advantages, including supremacy in the air and in space, and secure logistical bases and lines of communication. These conflicts were hard and often bitter experiences, but they were not wars of the kind that kill hundreds or even thousands in a day, and they were not wars against countries that could contest our dominance in the air or at sea. That has not happened since 1945.

Our systems of higher military education only partly compensate for this lack of direct experience. When he was secretary of defense, James Mattis called for “putting the war back in war college.” But the war colleges, with important and respectable exceptions in terms of faculty and courses, are primarily designed to bring mid-career officers into the political-military world of international politics and foreign policy, of defense decision making and analysis. These are not the hatcheries of the elite war planners and scholars of war that we need.

The conviction remains in many quarters that somehow, real war will not again come to us. That is why even though military leaders know that ammunition stocks are way too low, they do not pound their civilian superiors’ desks pleading to build them up. It is why political leaders, in turn, fail to level with the American people that we need to spend more—a lot more—on defense, if we hope to prevent in other parts of the world the horrors that have befallen Ukraine. It is why humanitarian restrictions on some valuable weapons—mines and cluster munitions in particular—can make their way into law or policy, because we somehow think that these horrors will never become necessities.

Two antidotes come to mind. The first is a lot more military history all around—old-fashioned guns-and-trumpets stuff, as antiquated and embarrassing as that is to the contemporary academic mind. One should read military history in width and depth, the 20th century’s greatest English-speaking military historian, Michael Howard, once said. One should know something about a lot of wars and a great deal about a few, to develop an instinct about what things in war will go well and which poorly, what one can anticipate and what one cannot.

And we should keep an honest accounting. Errors—even big errors—of military judgment are inevitable. But when misjudgments occur, those who make them should ask themselves some painful and searching questions. (I wrote the second chapter of The Big Stick to reckon with my own misjudgments about Iraq.) And when such miscalls are truly egregious, persistent, and, what is much worse, unacknowledged and unexamined, journalists, pundits, and officials should consider whether that well-known name should still be on speed dial, as is the case with the Ukraine war today. Otherwise, the most recent set of errors will most definitely not be the last, or even the worst.

BMW to build new electric Mini in England after UK government approves multimillion-pound investment

Quartz

qz.com › bmw-to-build-new-electric-mini-in-england-after-uk-gove-1850824300

LONDON (AP) — German automaker BMW is set to announce plans to build the next generation electric Mini in Britain after securing U.K. government support for a multimillion-pound investment in the company’s Oxford factory.