Security experts warn of risky attacks on tech-loaded cars

August 20, 2012 by Nancy Owano, weblog

( -- Now that tiny computers and electronic communications systems are being designed into cars, hackers can look toward the car, like the PC, as potential roadkill. If cars are to become computers on wheels, a number of security experts are expanding their focus on car security systems and sources of security threats. U.S. computer scientists from California and Washington state have already identified ways in which computer worms and Trojans are carried over to automobiles. Conduits include onboard diagnostics systems, wireless connections and even tainted CDs played on radios systems.

Experts point out that the numerous computers known as electronic control units, or ECUs, require tens of millions of lines of to manage interconnected systems. These range from engines, brakes and navigation to lighting, and entertainment. The same wireless technologies that power cell phones and are in cars and in turn are vulnerable to remote attacks.

Unlike PCs, though, the ’s goal with cars may not be to rob the victim of information but to steal the car, or spy on in-car conversation, or cause the vehicle to crash.

McAfee, a subsidiary of Intel and known for its security work to remedy PC viruses, are conducting research on car security at a Beaverton, Oregon garage. Bruce Snell, a McAfee executive, confirmed that automakers are not blind to risks of cyber attacks and are aware of auto system-hacking repercussions far different from seeing laptop data swiped and wiped. McAfee, a subsidiary of Intel, issued a report on automotive systems security with a title that reveals what it sees as the coming risks: “Caution: Malware Ahead.”

Researchers of the University of California, San Diego, and the University of Washington have already figured out how to hack into a modern car using a laptop. The same research team extended the scenario to remotely mount attacks via Bluetooth. According to the McAfee paper, another attack scenario was presented by researchers of the University of South Carolina and Rutgers. They demonstrated it was possible to mount an attack on a vehicle and compromise passengers’ privacy by tracking Radio Frequency Identification (RFID )tags using long-distance readers at around 40 meters; the RFID tags are used in tires for sensor data over wireless short-distance communication to the vehicle.

Reports do not single out vendors because the issues are relevant to the entire industry; automakers use common suppliers and processes. Nonetheless, a Reuters check of vendor initiatives shows concern in responses.

Major U.S. automakers did not say if they knew of any instances in which their vehicles had been attacked with malicious software or if they had recalled cars to fix security vulnerabilities. At the same time, nothing is impossible and they are working to keep their systems as safe as possible.

Ford has its security engineers working on SYNC in-vehicle communications and entertainment system to ensure it is as resistant as possible to attack, according to the Reuters report. Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents and that hacking was at least close to impossible. A Toyota source said the vehicles are designed to change their coding constantly. Chrysler is joining industry groups and outside organizations to tackle car security.

As noted in Car and Driver, as more people start to access car networks, the auto industry will beef up relevant security. That may also mean something all too familiar to the PC industry, a relentless skirmish between hackers and automakers.

Explore further: McAfee warns of hacker threat to autos

Related Stories

McAfee warns of hacker threat to autos

September 7, 2011

Cars made smarter with Internet technology are zooming into perilous hacker territory, according to a report by US computer security giant McAfee.

Can an MP3 hack your car?

March 18, 2011

( -- The idea that someone can get into your car without your permission isn't a new one. It's about as old as the coat hanger, but that was back in the days when you locks had a pull up button. We tend to think ...

Beware of Hackers Controlling Your Automobile

May 18, 2010

( -- A team of researchers led by Professor Stefan Savage from the University of California, San Diego and Tadayoshi Kohno from the University of Washington set out to see what it would take to control an automobile’s ...

'Connected' cars new buzzword at IAA fair

September 14, 2011

Following smartphones and tablet computers, motorists look set to be the next big market for connected devices as automakers wow crowds with the latest Internet-enabled models at the IAA motor show.

Tire-pressure monitors vulnerable, researchers say

September 2, 2010

( -- Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at ...

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

What can machine learning reveal about the solid Earth?

March 22, 2019

Scientists seeking to understand Earth's inner clockwork have deployed armies of sensors listening for signs of slips, rumbles, exhales and other disturbances emanating from the planet's deepest faults to its tallest volcanoes. ...

A social bacterium with versatile habits

March 22, 2019

Related individuals of a soil bacterial species live in cooperative groups and exhibit astonishing genetic and behavioural diversity. ETH researchers recently published these findings in Science .


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Aug 20, 2012
Another reason to be cautious of automated vehicles.
5 / 5 (2) Aug 21, 2012
This doesn't apply just to cars. If it is 'smart' enough so that you can program it, upload to it....That somebody, somewhere will pervert the gidget's intended function for their own purposes, even 'just because they can' is supposed to be surprising? It should be seen as a given. (there is no exception to THAT rule) What did they expect? Cheers, DH66
5 / 5 (4) Aug 21, 2012
Why are car electronics not
a) encrypted
b) closed systems
c) have all security critical systems (like brakes) on a spearate lines
3 / 5 (2) Aug 21, 2012
Installing updates: 1 of 37
Do not switch off ignition.
Moving off after starting your car may take some time in future.
5 / 5 (2) Aug 21, 2012
Simply reboot after a crash! ;)
5 / 5 (2) Aug 21, 2012
I'm hoping my car will last for a few decades. No wifi, gps, or any other remote operations. Lots of computers, but no access.
5 / 5 (2) Aug 21, 2012
One question that's been dogging me is: who do they expect will do work on these cars? At the rate we're digitizing cars, it won't be long before every car mechanic will have to have a degree in computer programming to diagnose a problem...
5 / 5 (1) Aug 21, 2012
If they've managed to get it relatively safe for the Boeing 787, we can do it for cars. Also, I think we need to have more severe punishments for tampering with vehicles. Hacking into a business server now is jail time or a fine. Hacking into vehicles should be attempted murder charges. If you cause the steering, brakes, or navigation to fail and people die, it's obvious it was murder. Even attempting to do so should be attempted murder. That in itself will keep some people from playing with it.
5 / 5 (2) Aug 21, 2012
I'm not sure it's wise to compare a commercial passenger aircraft to a consumer automobile...
5 / 5 (2) Aug 23, 2012
But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.
not rated yet Aug 23, 2012
I'm not sure it's wise to compare a commercial passenger aircraft to a consumer automobile...
Airplanes have access to the cloud.
not rated yet Aug 24, 2012
But then how about smart cars without remote control features? They could do image recognition of the road conditions with cameras and on-board computers, without wi-fi, gps, bluetooth and so on.

I often wonder if car companies (and many other companies) are designing features into our products that they "think" we want or "want us" to want but that we don't really care about. Turning a cell phone into an internet-accessable multi-functional bohemoth was a great idea. Turning my car into one? I don't really see a use for that... and I kind of wish I could get the cool features mentioned above without the wifi/cell connectivity/etc. that keeps getting bundled with it
3.9 / 5 (14) Aug 24, 2012
'Robopocalypse has a lot of scenes of AI vehicles turning on people.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.