Publications
Partners
SAN JOSE, California - Imagine this scenario: al-Qaeda causes vehcles racing down a freeway experience sudden brake failure.
Implausible? Maybe not, some experts warn.
According to studies by university researchers and security companies, as vehicles are equipped with electronic aids such as crash-avoidance and electronic stability systems, they become more vulnerable to cyber-attacks.
TYRE-PRESSURE TRAP
As reported in a Detroit News olumn, a vehicle's computer controls could be remotely accessed through their Bluetooth or wi-fi connections, potentially allowing terrorists to simultaneously disable the brakes of numerous cars, corporate spies to eavesdrop on a motoring executive's phone calls, or thieves to electronically locate, break into and steal vehicles.
Another study showed how a vehicle's tyre-pressure warning system could be wirelessly tricked into sending a false alert. The driver would pullover to check their and criminals following behind could hijack them.
Ryan Permeh, a principal security architect at Intel's McAfee division, speculated that the bad guys might short-sell an automaker's stock then cause widespread problems to its cars - and consequently to its share price.
Permeh told the DetNews: "I can imagine organised crime or potentially even nation states leveraging weaknesses in these functions to cause various kinds of havoc."
Although instances of car hacking were extremely rare, he added, the threat has attracted the attention of automakers.
INFILTRATION
The DetNews added that the subject of vehicle cyber-terror has attracted the attention of the US goverment. The National Highway Traffic Safety Administration said in a statement that it had asked the National Academy of Sciences to look into the matter.
The agency said: "The NHTSA is aware of the potential for hackers and is working with automakers better to understand what steps can and are being taken to address the problem."
Due to consumer demand for entertainment, convenience and safety features, it's not unusual for a luxury vehicle to have 70 computerised control units monitoring everything from the engine and its transmission to headlights, cabin temperature, air bags and cruise control. Unfortunately various wireless connections can enable hackers to electronically infiltrate an automobile and take virtual control of it, experts have determined.
The DetNews said a study released in September 2011 about the "emerging risks in automotive system security", security company McAfee outlined a case of a disgruntled former employee of a Texas used-car dealer. By accessing the system the dealership used to remotely deactivate cars whose buyers failed to make payments, he created mayhem by blaring the horns and shutting off the engines of more than 100 vehicles.
FUTURE PROBLEMS
The University of South Carolina reported that one vehicle caused the tyre-pressure warning system of another to send bogus alerts to its instrument panel. Such false alerts could prompt drivers to pull over to check their wheels, "presenting ample opportunity for criminal activities".
Another troubling flaw was uncovered by a security tester who, after hacking into police video recorders, said "he was easily able to upload, download and delete files that stored months of video feeds".
Still more weaknesses were detailed in a study in August 2011 by the Centre for Automotive Embedded Systems Security, a collaboration between the University of California-San Diego and the University of Washington. The study revealed that thieves could wirelessly command groups of cars to report their GPS co-ordinates and vehicle identification numbers, enabling crooks to learn the year, make, model and location of the most expensive vehicles.
The study also revealed that criminals could then steal those vehicles by issuing wireless commands to disable their alarms, unlock them and start their engines.
Using a related technique, the study warned, corporate spies could listen in on phone conversations of a motoring executive, or terrorists who previously had infected numerous cars with malicious software could later command the vehicles to "simultaneously disengage the brakes when driving at high speed".
Implausible? Maybe not, some experts warn.
According to studies by university researchers and security companies, as vehicles are equipped with electronic aids such as crash-avoidance and electronic stability systems, they become more vulnerable to cyber-attacks.
TYRE-PRESSURE TRAP
As reported in a Detroit News olumn, a vehicle's computer controls could be remotely accessed through their Bluetooth or wi-fi connections, potentially allowing terrorists to simultaneously disable the brakes of numerous cars, corporate spies to eavesdrop on a motoring executive's phone calls, or thieves to electronically locate, break into and steal vehicles.
Another study showed how a vehicle's tyre-pressure warning system could be wirelessly tricked into sending a false alert. The driver would pullover to check their and criminals following behind could hijack them.
Ryan Permeh, a principal security architect at Intel's McAfee division, speculated that the bad guys might short-sell an automaker's stock then cause widespread problems to its cars - and consequently to its share price.
Permeh told the DetNews: "I can imagine organised crime or potentially even nation states leveraging weaknesses in these functions to cause various kinds of havoc."
Although instances of car hacking were extremely rare, he added, the threat has attracted the attention of automakers.
INFILTRATION
The DetNews added that the subject of vehicle cyber-terror has attracted the attention of the US goverment. The National Highway Traffic Safety Administration said in a statement that it had asked the National Academy of Sciences to look into the matter.
The agency said: "The NHTSA is aware of the potential for hackers and is working with automakers better to understand what steps can and are being taken to address the problem."
Due to consumer demand for entertainment, convenience and safety features, it's not unusual for a luxury vehicle to have 70 computerised control units monitoring everything from the engine and its transmission to headlights, cabin temperature, air bags and cruise control. Unfortunately various wireless connections can enable hackers to electronically infiltrate an automobile and take virtual control of it, experts have determined.
The DetNews said a study released in September 2011 about the "emerging risks in automotive system security", security company McAfee outlined a case of a disgruntled former employee of a Texas used-car dealer. By accessing the system the dealership used to remotely deactivate cars whose buyers failed to make payments, he created mayhem by blaring the horns and shutting off the engines of more than 100 vehicles.
FUTURE PROBLEMS
The University of South Carolina reported that one vehicle caused the tyre-pressure warning system of another to send bogus alerts to its instrument panel. Such false alerts could prompt drivers to pull over to check their wheels, "presenting ample opportunity for criminal activities".
Another troubling flaw was uncovered by a security tester who, after hacking into police video recorders, said "he was easily able to upload, download and delete files that stored months of video feeds".
Still more weaknesses were detailed in a study in August 2011 by the Centre for Automotive Embedded Systems Security, a collaboration between the University of California-San Diego and the University of Washington. The study revealed that thieves could wirelessly command groups of cars to report their GPS co-ordinates and vehicle identification numbers, enabling crooks to learn the year, make, model and location of the most expensive vehicles.
The study also revealed that criminals could then steal those vehicles by issuing wireless commands to disable their alarms, unlock them and start their engines.
Using a related technique, the study warned, corporate spies could listen in on phone conversations of a motoring executive, or terrorists who previously had infected numerous cars with malicious software could later command the vehicles to "simultaneously disengage the brakes when driving at high speed".
