Driver, beware—your car might be susceptible to computer viruses. It’s not science fiction; it’s science fact.
Stuart McClure, Senior Vice President and General Manager of McAfee, and an expert on automobile security, says, “There is tons of opportunity for attack on car systems.” A car’s security can be breached via a tainted CD played on the stereo system, through a wireless connection or with the onboard diagnostic system. Automakers have yet to address these vulnerabilities, which car hackers can exploit to eavesdrop on conversations, steal vehicles or cause cars to crash, with potentially deadly consequences.
From a security standpoint, cars are essentially “computers on wheels”; every modern car has an electronic communications system and miniature computers built in, and these can be hacked. Experts say that the vast majority of cars on the road today are susceptible to infection, though to date no cases of injury or death have been reported as arising from attacks using computer viruses on cars.
The tiny computers running today’s vehicles are called ECUs, or electronic control units; they are based on millions of lines of code and they manage numerous interconnected systems like engines, navigation, brakes and entertainment. Automobiles also employ wireless technologies, like those powering Bluetooth headsets and cell phones, which means they are vulnerable to remote attacks.
Hackers can guess a car’s Bluetooth PIN and thereby gain access to its systems; they can also covertly track drivers in cars installed with a GPS connected to cloud-based applications. Researchers have foundthat a virus targeting certain vehicles can start and stop the engine at will, engage or release brakes, lock and unlock doors, and toggle headlights on and off. The researchers did not mention which specific models of cars they used to test these vulnerabilities; their takeaway, though, was that all cars are in danger of being hacked, particularly since the majority of the auto manufacturers they looked into use the same suppliers and development processes across the industry. Hackers disguised as technicians can install innocuous-looking plugs, containing viruses, Trojans or worms, during a routine maintenance check. The potential risks to drivers are staggering, and the conclusions are clear: car software is fragile and easy to undermine. In the pursuit of comfort and performance, the auto industry has made cars that are technologically advanced but technically vulnerable.
SAE International, an association of aerospace and auto professionals, has charged a committee of industry experts with advising auto manufacturers on the prevention, detection and mitigation of cyber attacks on cars. A number of other firms have also stepped up to study and resolve car security issues, including the McAfee unit at Intel Corp. and the US Cyber Consequences Unit. Auto makers would do well to work with these organizations and invest in the security of their products.
Word Count: 463; bhive.ca
September 5, 2012: http://bhive.ca/5.0/BHIVE-blog/hacking-into-your-car.html