The Dark Side Of Clever Car Tech
21 August 2012 - Wheels News
Intel's McAfee unit, which is best known for software that fights PC viruses, is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car.
It's scary business. Security experts say that automakers have so far failed to adequately protect these systems, leaving them vulnerable to hacks by attackers looking to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.
John Bumgarner, chief technology officer of the US Cyber Consequences Unit, a non-profit organisation that helps companies analyse the potential for targeted computer attacks on their networks and products, said: "You can definitely kill people."
To date there have been no reports of violent attacks on vehicles using a computer virus, according to SAE International, an association of more than 128 000 technical professionals working in the aerospace and the auto industries.
Jack Pokrzywa, SAE's manager of ground vehicle standards said: "Any cyber security breach carries certain risk, SAE Vehicle Electrical System Security Committee is working hard to develop specifications which will reduce that risk in the vehicle area."
The group of US computer scientists from California and Washington state issued a second report in 2011 that identified ways in which computer worms and Trojans could be delivered to automobiles - via onboard diagnostics systems, wireless connections and even tainted CDs played on radios systems.
Toyota, the world's biggest automaker, said it was not aware of any hacking incidents on its cars.
Toyota spokesman John Hanson said: "They're basically designed to change coding constantly. I won't say it's impossible to hack, but it's pretty close."
Bruce Snell, a McAfee executive who oversees his company's research on car security at a Beaverton, Oregon garage, said automakers were fairly concerned about the potential cyber attacks because of the frightening repercussions.
"If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening," he said. "I don't think people need to panic now. But the future is really scary."
'Computer on wheels'
White hats are increasingly looking beyond PCs and data centers for security vulnerabilities that have plagued the computer industry for decades and focusing on products such as cars, medical devices and electricity meters that run on tiny computers embedded in those products.
Cars are already considered "computers on wheels" by security experts. They are filled with dozens of tiny computers known as electronic control units, or ECUs, that require tens of millions of lines of computer code to manage interconnected systems including engines, brakes and navigation as well as lighting, ventilation and entertainment.
Stuart McClure, an expert on vehicle security who stepped down as worldwide chief technology officer of McAfee to start his own firm, said: "There is tons of opportunity for attack on car systems."
Security analysts fear that criminals, terrorists and spies are gradually turning their attention to embedded computers, many of which can be attacked using some of the same techniques as regular computers.
Automakers are rushing to make it easy to plug portable computers and phones to vehicles and connect them to the Internet, but in many cases they are also exposing critical systems that run their vehicles to potential attackers because those networks are all linked within the car.
Joe Grand, an electrical engineer and independent hardware security expert, said: "The manufacturers, like those of any other hardware products, are implementing features and technology just because they can and don't fully understand the potential risks of doing so."
Concerns about such possibilities emerged after a group of computer scientists from the University of California and the University of Washington published two landmark research papers that showed computer viruses can infect cars and cause them to crash, potentially harming passengers.
One issue of concern is fighting ordinary PC viruses that could potentially infect cars when laptops and other devices are plugged into infotainment systems.
"Viruses are something that needs to be addressed directly. How we guard against that transfer to our system is a primary focus of our efforts," said Hanson.