Security experts warn of risky attacks on tech-loaded cars

Aug 20, 2012 by Nancy Owano weblog

(Phys.org) -- Now that tiny computers and electronic communications systems are being designed into cars, hackers can look toward the car, like the PC, as potential roadkill. If cars are to become computers on wheels, a number of security experts are expanding their focus on car security systems and sources of security threats. U.S. computer scientists from California and Washington state have already identified ways in which computer worms and Trojans are carried over to automobiles. Conduits include onboard diagnostics systems, wireless connections and even tainted CDs played on radios systems.

Experts point out that the numerous computers known as electronic control units, or ECUs, require tens of millions of lines of to manage interconnected systems. These range from engines, brakes and navigation to lighting, and entertainment. The same wireless technologies that power cell phones and are in cars and in turn are vulnerable to remote attacks.

Unlike PCs, though, the ’s goal with cars may not be to rob the victim of information but to steal the car, or spy on in-car conversation, or cause the vehicle to crash.

McAfee, a subsidiary of Intel and known for its security work to remedy PC viruses, are conducting research on car security at a Beaverton, Oregon garage. Bruce Snell, a McAfee executive, confirmed that automakers are not blind to risks of cyber attacks and are aware of auto system-hacking repercussions far different from seeing laptop data swiped and wiped. McAfee, a subsidiary of Intel, issued a report on automotive systems security with a title that reveals what it sees as the coming risks: “Caution: Malware Ahead.”

Researchers of the University of California, San Diego, and the University of Washington have already figured out how to hack into a modern car using a laptop. The same research team extended the scenario to remotely mount attacks via Bluetooth. According to the McAfee paper, another attack scenario was presented by researchers of the University of South Carolina and Rutgers. They demonstrated it was possible to mount an attack on a vehicle and compromise passengers’ privacy by tracking Radio Frequency Identification (RFID )tags using long-distance readers at around 40 meters; the RFID tags are used in tires for sensor data over wireless short-distance communication to the vehicle.

Reports do not single out vendors because the issues are relevant to the entire industry; automakers use common suppliers and processes. Nonetheless, a Reuters check of vendor initiatives shows concern in responses.

Major U.S. automakers did not say if they knew of any instances in which their vehicles had been attacked with malicious software or if they had recalled cars to fix security vulnerabilities. At the same time, nothing is impossible and they are working to keep their systems as safe as possible.

Ford has its security engineers working on SYNC in-vehicle communications and entertainment system to ensure it is as resistant as possible to attack, according to the Reuters report. Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents and that hacking was at least close to impossible. A Toyota source said the vehicles are designed to change their coding constantly. Chrysler is joining industry groups and outside organizations to tackle car security.

As noted in Car and Driver, as more people start to access car networks, the auto industry will beef up relevant security. That may also mean something all too familiar to the PC industry, a relentless skirmish between hackers and automakers.

Explore further: Prototype display uses eyeglass prescription to allow for viewing devices without glasses

Related Stories

McAfee warns of hacker threat to autos

Sep 07, 2011

Cars made smarter with Internet technology are zooming into perilous hacker territory, according to a report by US computer security giant McAfee.

Can an MP3 hack your car?

Mar 18, 2011

(PhysOrg.com) -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. ...

Beware of Hackers Controlling Your Automobile

May 18, 2010

(PhysOrg.com) -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to ...

'Connected' cars new buzzword at IAA fair

Sep 14, 2011

Following smartphones and tablet computers, motorists look set to be the next big market for connected devices as automakers wow crowds with the latest Internet-enabled models at the IAA motor show.

Tire-pressure monitors vulnerable, researchers say

Sep 02, 2010

(PhysOrg.com) -- Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at ...

Recommended for you

User comments : 13

Adjust slider to filter visible comments by rank

Display comments: newest first

GenesisNemesis
not rated yet Aug 20, 2012
Another reason to be cautious of automated vehicles.
DarkHorse66
5 / 5 (2) Aug 21, 2012
This doesn't apply just to cars. If it is 'smart' enough so that you can program it, upload to it....That somebody, somewhere will pervert the gidget's intended function for their own purposes, even 'just because they can' is supposed to be surprising? It should be seen as a given. (there is no exception to THAT rule) What did they expect? Cheers, DH66
antialias_physorg
5 / 5 (4) Aug 21, 2012
Why are car electronics not
a) encrypted
b) closed systems
c) have all security critical systems (like brakes) on a spearate lines
88HUX88
3 / 5 (2) Aug 21, 2012
Installing updates: 1 of 37
Do not switch off ignition.
Moving off after starting your car may take some time in future.
Peteri
5 / 5 (2) Aug 21, 2012
Simply reboot after a crash! ;)
dschlink
5 / 5 (2) Aug 21, 2012
I'm hoping my car will last for a few decades. No wifi, gps, or any other remote operations. Lots of computers, but no access.
NotAsleep
5 / 5 (2) Aug 21, 2012
One question that's been dogging me is: who do they expect will do work on these cars? At the rate we're digitizing cars, it won't be long before every car mechanic will have to have a degree in computer programming to diagnose a problem...
trekgeek1
5 / 5 (1) Aug 21, 2012
If they've managed to get it relatively safe for the Boeing 787, we can do it for cars. Also, I think we need to have more severe punishments for tampering with vehicles. Hacking into a business server now is jail time or a fine. Hacking into vehicles should be attempted murder charges. If you cause the steering, brakes, or navigation to fail and people die, it's obvious it was murder. Even attempting to do so should be attempted murder. That in itself will keep some people from playing with it.
NotAsleep
5 / 5 (2) Aug 21, 2012
I'm not sure it's wise to compare a commercial passenger aircraft to a consumer automobile...
victor_petrovich_31
5 / 5 (2) Aug 23, 2012
But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.
kochevnik
not rated yet Aug 23, 2012
I'm not sure it's wise to compare a commercial passenger aircraft to a consumer automobile...
Airplanes have access to the cloud.
NotAsleep
not rated yet Aug 24, 2012
But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.

I often wonder if car companies (and many other companies) are designing features into our products that they "think" we want or "want us" to want but that we don't really care about. Turning a cell phone into an internet-accessable multi-functional bohemoth was a great idea. Turning my car into one? I don't really see a use for that... and I kind of wish I could get the cool features mentioned above without the wifi/cell connectivity/etc. that keeps getting bundled with it
TheGhostofOtto1923
3.9 / 5 (14) Aug 24, 2012
'Robopocalypse has a lot of scenes of AI vehicles turning on people.
http://en.wikiped...ocalypse