Security experts warn of risky attacks on tech-loaded cars

Aug 20, 2012 by Nancy Owano weblog

(Phys.org) -- Now that tiny computers and electronic communications systems are being designed into cars, hackers can look toward the car, like the PC, as potential roadkill. If cars are to become computers on wheels, a number of security experts are expanding their focus on car security systems and sources of security threats. U.S. computer scientists from California and Washington state have already identified ways in which computer worms and Trojans are carried over to automobiles. Conduits include onboard diagnostics systems, wireless connections and even tainted CDs played on radios systems.

Experts point out that the numerous computers known as electronic control units, or ECUs, require tens of millions of lines of to manage interconnected systems. These range from engines, brakes and navigation to lighting, and entertainment. The same wireless technologies that power cell phones and are in cars and in turn are vulnerable to remote attacks.

Unlike PCs, though, the ’s goal with cars may not be to rob the victim of information but to steal the car, or spy on in-car conversation, or cause the vehicle to crash.

McAfee, a subsidiary of Intel and known for its security work to remedy PC viruses, are conducting research on car security at a Beaverton, Oregon garage. Bruce Snell, a McAfee executive, confirmed that automakers are not blind to risks of cyber attacks and are aware of auto system-hacking repercussions far different from seeing laptop data swiped and wiped. McAfee, a subsidiary of Intel, issued a report on automotive systems security with a title that reveals what it sees as the coming risks: “Caution: Malware Ahead.”

Researchers of the University of California, San Diego, and the University of Washington have already figured out how to hack into a modern car using a laptop. The same research team extended the scenario to remotely mount attacks via Bluetooth. According to the McAfee paper, another attack scenario was presented by researchers of the University of South Carolina and Rutgers. They demonstrated it was possible to mount an attack on a vehicle and compromise passengers’ privacy by tracking Radio Frequency Identification (RFID )tags using long-distance readers at around 40 meters; the RFID tags are used in tires for sensor data over wireless short-distance communication to the vehicle.

Reports do not single out vendors because the issues are relevant to the entire industry; automakers use common suppliers and processes. Nonetheless, a Reuters check of vendor initiatives shows concern in responses.

Major U.S. automakers did not say if they knew of any instances in which their vehicles had been attacked with malicious software or if they had recalled cars to fix security vulnerabilities. At the same time, nothing is impossible and they are working to keep their systems as safe as possible.

Ford has its security engineers working on SYNC in-vehicle communications and entertainment system to ensure it is as resistant as possible to attack, according to the Reuters report. Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents and that hacking was at least close to impossible. A Toyota source said the vehicles are designed to change their coding constantly. Chrysler is joining industry groups and outside organizations to tackle car security.

As noted in Car and Driver, as more people start to access car networks, the auto industry will beef up relevant security. That may also mean something all too familiar to the PC industry, a relentless skirmish between hackers and automakers.

Explore further: Bringing history and the future to life with augmented reality

Related Stories

McAfee warns of hacker threat to autos

Sep 07, 2011

Cars made smarter with Internet technology are zooming into perilous hacker territory, according to a report by US computer security giant McAfee.

Can an MP3 hack your car?

Mar 18, 2011

(PhysOrg.com) -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. ...

Beware of Hackers Controlling Your Automobile

May 18, 2010

(PhysOrg.com) -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to ...

'Connected' cars new buzzword at IAA fair

Sep 14, 2011

Following smartphones and tablet computers, motorists look set to be the next big market for connected devices as automakers wow crowds with the latest Internet-enabled models at the IAA motor show.

Tire-pressure monitors vulnerable, researchers say

Sep 02, 2010

(PhysOrg.com) -- Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at ...

Recommended for you

Patent talk: Google sharpens contact lens vision

Apr 16, 2014

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Neuroscientist's idea wins new-toy award

Apr 15, 2014

When he was a child, Robijanto Soetedjo used to play with his electrically powered toys for a while and then, when he got bored, take them apart - much to the consternation of his parents.

Land Rover demos invisible bonnet / car hood (w/ video)

Apr 14, 2014

(Phys.org) —Land Rover has released a video demonstrating a part of its Discover Vision Concept—the invisible "bonnet" or as it's known in the U.S. the "hood" of the car. It's a concept the automaker ...

User comments : 13

Adjust slider to filter visible comments by rank

Display comments: newest first

GenesisNemesis
not rated yet Aug 20, 2012
Another reason to be cautious of automated vehicles.
DarkHorse66
5 / 5 (2) Aug 21, 2012
This doesn't apply just to cars. If it is 'smart' enough so that you can program it, upload to it....That somebody, somewhere will pervert the gidget's intended function for their own purposes, even 'just because they can' is supposed to be surprising? It should be seen as a given. (there is no exception to THAT rule) What did they expect? Cheers, DH66
antialias_physorg
5 / 5 (4) Aug 21, 2012
Why are car electronics not
a) encrypted
b) closed systems
c) have all security critical systems (like brakes) on a spearate lines
88HUX88
3 / 5 (2) Aug 21, 2012
Installing updates: 1 of 37
Do not switch off ignition.
Moving off after starting your car may take some time in future.
Peteri
5 / 5 (2) Aug 21, 2012
Simply reboot after a crash! ;)
dschlink
5 / 5 (2) Aug 21, 2012
I'm hoping my car will last for a few decades. No wifi, gps, or any other remote operations. Lots of computers, but no access.
NotAsleep
5 / 5 (2) Aug 21, 2012
One question that's been dogging me is: who do they expect will do work on these cars? At the rate we're digitizing cars, it won't be long before every car mechanic will have to have a degree in computer programming to diagnose a problem...
trekgeek1
5 / 5 (1) Aug 21, 2012
If they've managed to get it relatively safe for the Boeing 787, we can do it for cars. Also, I think we need to have more severe punishments for tampering with vehicles. Hacking into a business server now is jail time or a fine. Hacking into vehicles should be attempted murder charges. If you cause the steering, brakes, or navigation to fail and people die, it's obvious it was murder. Even attempting to do so should be attempted murder. That in itself will keep some people from playing with it.
NotAsleep
5 / 5 (2) Aug 21, 2012
I'm not sure it's wise to compare a commercial passenger aircraft to a consumer automobile...
victor_petrovich_31
5 / 5 (2) Aug 23, 2012
But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.
kochevnik
not rated yet Aug 23, 2012
I'm not sure it's wise to compare a commercial passenger aircraft to a consumer automobile...
Airplanes have access to the cloud.
NotAsleep
not rated yet Aug 24, 2012
But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.

I often wonder if car companies (and many other companies) are designing features into our products that they "think" we want or "want us" to want but that we don't really care about. Turning a cell phone into an internet-accessable multi-functional bohemoth was a great idea. Turning my car into one? I don't really see a use for that... and I kind of wish I could get the cool features mentioned above without the wifi/cell connectivity/etc. that keeps getting bundled with it
TheGhostofOtto1923
3.9 / 5 (14) Aug 24, 2012
'Robopocalypse has a lot of scenes of AI vehicles turning on people.
http://en.wikiped...ocalypse

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...