Your Car is about to be Hacked
Car thieves rejoice as new, technology-packed cars hit the road. The next time you see a commercial for the motor vehicle app, you should ask yourself: “Do I really want the ability to start my car from the airport?”
Maybe you do. Perhaps you like the idea of being connected to your vehicle 24 hours a day, seven days a week. The problem is that if you are connected criminals have the potential to be as well.
McAfee (the Intel (NASDAQ: INTC)-owned cyber security company) has released a report, “Caution: Malware Ahead,” on that very concern. Just as hackers first posed a threat to the safety of our personal information online, they now pose a threat to our cell phones and Internet-connected devices. It’s an ongoing battle that will likely never end.
While this might seem like a problem that drivers won’t ever have to worry about (after all, it’s not as if we have a bunch of self-driving cars on the road), there is already some evidence showing the contrary. According to the report, researchers at the University of California, San Diego, together with researchers at the University of Washington, demonstrated last year that “critical safety components of a vehicle can be hacked if physical access to the vehicle’s electronic components inside the passenger cabin is available.”
“The proof-of-concept software, which they dubbed ‘CarShark,’ was developed using homemade software and a standard computer port,” the report says. “The scientists figured out how to hack into a modern car using a laptop. Recently, the same research team extended the scenario to remotely mount attacks via Bluetooth. This demonstration supports the need to consider the future security implications of embedded devices in cars and conveniences such as mobile phones, GPS, and Bluetooth.”
(Those who are interested in learning more about the researchers’ findings should take a look at this story from PCWorld.)
“Another attack was presented by researchers of the University of South Carolina and Rutgers University,” the report continues. “Modern vehicles are mandatorily equipped with a tire pressure monitoring system. Radio frequency identification (RFID) tags are used within the tires to provide sensor data over wireless short-distance communication to the vehicle. The researchers showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters. While no actual exploit in the field is known, and it is not yet understood if and to what extent this attack poses a threat for passengers’ privacy, it is something that should be monitored.”
Stuart McClure, senior VP and General Manager at McAfee, is very concerned. “As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases,” he said. “Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”
Meanwhile, Georg Doll, the senior Director for Automotive Solutions at Wind River (which partnered with McAfee for this report), believes that as our vehicles become more connected, our potential security vulnerabilities will increase. “The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them,” Doll said. “Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”
While the findings certainly indicate the potential for a hacking problem within cars (don’t kid yourself into thinking otherwise), one skeptic has already appeared.
– By Louis Bedigian
Follow me @LouisBedigian
This news content was configured by WebWire editorial staff. Linking is permitted.
News Release Distribution and Press Release Distribution Services Provided by WebWire.