Software Vulnerabilities and Cyber Risks in Florida: The Next Wave of Auto Product Liability?

New cars today contain more lines of code than the Space Shuttle. As vehicles become increasingly connected and automated, they open drivers and passengers up to new risks from hacking and software flaws. While incidents so far have been limited, cyber risks represent an emerging area of auto product liability that Florida plaintiffs, attorneys, and consumers should watch closely.

The Rise of Connected and Autonomous Vehicles

Connected vehicles contain wireless technologies that allow communication with external networks and systems. This connectivity enables advanced capabilities like real-time traffic alerts, automatic crash notifications, and over-the-air software updates. Fully autonomous vehicles take connectivity even further by using sensors, cameras, radar, and artificial intelligence to operate with little or no human input.

Major automakers are racing to develop self-driving cars and related technologies. Ford CEO Jim Hackett said in 2017, “We need smart vehicles for a smart world… but cities are not ready [yet].”, General Motors and Cruise are testing autonomous taxis in San Francisco. BMW, Daimler, and Volkswagen are jointly developing an autonomous driving platform.

Florida is at the forefront of autonomous vehicle deployment. Under the 2020 Florida Statute § 316.85, humans are not required to drive cars, allowing self-driving vehicles to operate legally. Orlando and Tampa host testing and pilot projects by GM/Cruise, Ford/Argo AI, Beep, and Navya. The Florida Turnpike Enterprise is exploring how autonomous buses and shuttles could improve mobility.

New Risks and Vulnerabilities

While promising many benefits, vehicle connectivity and automation create potential vulnerabilities. The increased amount of code makes systems more susceptible to flaws and bugs, and they don’t have the same abilities as humans to avoid accidents. Furthermore, external connectivity offers new entry points for hackers, and cameras and sensors can be spoofed or disrupted.

Several concerning cases highlight emerging risks:

  • In 2015, security researchers Charlie Miller and Chris Valasek managed to take control of a Jeep Cherokee, disabling the brakes and steering. The hackers said they could access thousands of other Jeeps. This forced Chrysler to recall 1.4 million vehicles.
  • In one of the first deployments of an autonomous shuttle by French company Navya, it was involved in an accident involving a reversing truck. Although there was little damage and no injuries, the shuttle was unable to alert the truck to its presence or back up out of its way.
  • In 2021, safety advocate Dan O’Dowd showed how he could visually confuse Tesla’s Autopilot system by altering a speed limit sign, causing sudden braking. Tesla dismissed the test as “not realistic.”

So far, no cyber-attacks have been documented in real-world driving situations. But security experts warn the question is when, not if, hackers may exploit vehicles on the road. Threats go beyond personal safety to include data privacy breaches and system outages that could impact entire vehicle fleets.

Emerging Legal Risks

For plaintiff’s attorneys, cyber vulnerabilities raise new theories of legal liability if hacks or flaws result in crashes or injuries:

  • Product liability claims based on defective design, inadequate cybersecurity protections, or failure to warn about risks
  • Violations of state consumer protection and unfair trade practice laws
  • Class action lawsuits involving data privacy breaches or fraudulent practices
  • Shareholder derivative suits alleging fiduciary breaches by company directors and officers

Manufacturers argue they take security seriously and downplay the real-world risks. They describe testing as unrealistic and worst-case scenarios. But with lives at stake, courts and regulators may take a different view. Even without crashes, significant shareholder and reputational damage can result from data breaches or system outages.

Looking Ahead in Florida

Attorneys have only begun exploring potential cases at the intersection of cybersecurity and auto product liability. Key areas to watch include:

  • How will Florida laws and courts apply product liability concepts to software vulnerabilities? Are code flaws considered dangerous defects?
  • When do manufacturers have a duty to warn about cyber risks, and what warnings are adequate?
  • Can automakers be liable for failing to monitor vehicle fleets for hacks and promptly issue patches and fixes?
  • Are over-the-air software updates subject to lemon law claims if they reduce vehicle functionality?
  • What minimum cybersecurity and data practices are required to avoid unfair trade practice claims?

Technology often advances faster than the law. But Florida attorneys have a duty to hold automakers accountable when cutting corners on cyber safety and open drivers up to preventable risks. No one doubts that vehicles today depend on millions of lines of code. The looming question is how the legal code will protect consumers in the event of a catastrophic software failure.

Recent Incidents and Investigations

While major real-world attacks have not occurred yet, concerning incidents and allegations continue to surface:

  • In 2022, the FBI warned that hackers are actively targeting and attempting to compromise autonomous and connected vehicles. Attacks remain mostly proof-of-concept so far.
  • Apple filed a lawsuit in 2021 against NSO Group, an Israeli spyware company accused of remotely accessing and monitoring vehicles. NSO Group denied the allegations.
  • Tesla is reportedly under investigation by the SEC for failing to disclose that its Autopilot system was vulnerable to potential hacks. Tesla has asserted that vehicles and data are “very well secured.”
  • The Senate Commerce Committee held a contentious 2021 hearing questioning automaker CEOs on how seriously they take cyber risks. Senators criticized evasive answers and lack of accountability.

Plaintiff’s attorneys should track ongoing investigations and pressure on automakers over lax security standards. Evidence uncovered could strengthen future lawsuits when incidents move from theoretical to actual occurrences on the road.

Contact Us if You’ve Been the Victim of a Defective Vehicle

Have you or a loved one been injured in a vehicle crash caused by a cyber-attack or software flaw? If so, the auto product liability attorneys at Monge & Associates are here to help. With decades of experience holding automakers accountable, we know what it takes to build a strong legal claim.

We have offices in 32 locations across 19 states, including Florida, Georgia, and South Carolina. Contact us for a free consultation today on (888) 477-0597.