Cars at risk from cyber attack?

2012-01-03 11:32

SAN JOSE, California - Imagine this scenario: al-Qaeda causes vehcles racing down a freeway experience sudden brake failure.

Implausible? Maybe not, some experts warn.

According to studies by university researchers and security companies, as vehicles are equipped with electronic aids such as crash-avoidance and electronic stability systems, they become more vulnerable to cyber-attacks.


As reported in a Detroit News olumn, a vehicle's computer controls could be remotely accessed through their Bluetooth or wi-fi connections, potentially allowing terrorists to simultaneously disable the brakes of numerous cars, corporate spies to eavesdrop on a motoring executive's phone calls, or thieves to electronically locate, break into and steal vehicles.

Another study showed how a vehicle's tyre-pressure warning system could be wirelessly tricked into sending a false alert. The driver would pullover to check their and criminals following behind could hijack them.

Ryan Permeh, a principal security architect at Intel's McAfee division, speculated that the bad guys might short-sell an automaker's stock then cause widespread problems to its cars - and consequently to its share price.

Permeh told the DetNews: "I can imagine organised crime or potentially even nation states leveraging weaknesses in these functions to cause various kinds of havoc."

Although instances of car hacking were extremely rare, he added, the threat has attracted the attention of automakers.


The DetNews added that the subject of vehicle cyber-terror has attracted the attention of the US goverment. The National Highway Traffic Safety Administration said in a statement that it had asked the National Academy of Sciences to look into the matter.

The agency said: "The NHTSA is aware of the potential for hackers and is working with automakers better to understand what steps can and are being taken to address the problem."

Due to consumer demand for entertainment, convenience and safety features, it's not unusual for a luxury vehicle to have 70 computerised control units monitoring everything from the engine and its transmission to headlights, cabin temperature, air bags and cruise control. Unfortunately various wireless connections can enable hackers to electronically infiltrate an automobile and take virtual control of it, experts have determined.

The DetNews said a study released in September 2011 about the "emerging risks in automotive system security", security company McAfee outlined a case of a disgruntled former employee of a Texas used-car dealer. By accessing the system the dealership used to remotely deactivate cars whose buyers failed to make payments, he created mayhem by blaring the horns and shutting off the engines of more than 100 vehicles.


The University of South Carolina reported that one vehicle caused the tyre-pressure warning system of another to send bogus alerts to its instrument panel. Such false alerts could prompt drivers to pull over to check their wheels, "presenting ample opportunity for criminal activities".

Another troubling flaw was uncovered by a security tester who, after hacking into police video recorders, said "he was easily able to upload, download and delete files that stored months of video feeds".

Still more weaknesses were detailed in a study in August 2011 by the Centre for Automotive Embedded Systems Security, a collaboration between the University of California-San Diego and the University of Washington. The study revealed that thieves could wirelessly command groups of cars to report their GPS co-ordinates and vehicle identification numbers, enabling crooks to learn the year, make, model and location of the most expensive vehicles.

The study also revealed that criminals could then steal those vehicles by issuing wireless commands to disable their alarms, unlock them and start their engines.

Using a related technique, the study warned, corporate spies could listen in on phone conversations of a motoring executive, or terrorists who previously had infected numerous cars with malicious software could later command the vehicles to "simultaneously disengage the brakes when driving at high speed".

  • Max - 2012-01-03 12:20

    My mother in law drives a new Mercedes Benz C-class. Does anyone know how to hack that system.

      steve.dupreez - 2012-01-03 13:06

      It's quite easy I believe - stand infront of a solid wall, wave at you M-I-L and see how quickly the brakes fail :)

  • steve.dupreez - 2012-01-03 13:06

    Oh hell and damnation. And I just upgraded August 2011 to a more technologically advanced car. I miss my A3 - no fancy bits, just plain straight forward driving.

  • robin.harriram - 2012-01-03 13:07

    I always preferred a simple drivetrain(no computers), where if you break down on the road, a mechanic living close by can fix your problem(maak n plan) and you can be on your way without having to return home if you are going on holiday because you will have nothing left in your pocket or bank account if you are an average breadwinner. The cost of towing and storing the vehicle before it gets fixed is really a lot. back to the 60s technology on cars.

      Phoenix - 2012-01-04 09:51

      Id rather have super high-tech. Many if not most cars are on motor plans that covers towing in any case. I have owned more than 30 cars over the past 20 years - and have never been stranded by any one of them and I drive A LOT. I'd rather be safe in 21st century technology than in a coma because of 60s non-tech.

  • will.glibbery - 2012-01-04 08:53

    Hahaha, this is the sort of article belongs in YOU magazine. Modern car management systems are so different on so many cars, besides perhaps a virus being uploaded along with your USB Kurt Darren 'treffers' messing with your radio software, the sort of tech needed to override active safety features on a car would require Hurcelean efforts. It is a lot easier just to plant an IED at the road side. And that Uni research of the tyre pressure monitoring system? Lol, those systems don't work half the time even on the German machines, any sabotage would first have to work out the bugs on the standard system before they can add new ones.

  • mbongenia - 2012-01-04 16:59

    lets hope these cars dont have a [disable brake system, and or lock steering wheel] feature on them installed

  • Krista Stein-Brown - 2012-01-05 01:07

    Who ever wrote this article seriously needs to do spell check! Also why even post this so everyone that can hack systems start to think about this and go on a rampage!

  • kevin.grinaker - 2012-01-05 13:29

    I had a tracking system fitted to my Audi A6, back in 2000, that reacted to numbers dialled from a phone. I could demobilise the car lock the windows and doors, just by phoning a number and entering a code for each event. We had great fun in Durban in the middle of a February (Heat) by "trapping" a good friend of mine in the car while he was taking it on a test drive (typical bunch of Pilots). He, though, was not amused. While I was away on a week's charter (Pilot), the car had been into the panel beaters to get the bumpers colour coded. They disconnected the battery while they worked on the car. Of course the system went into demobilise mode and they could not get the car started. It was sent to Audi Durban to be worked on. On my return from the flight, I was summonsed to the dealership, where the "best brains" had been working on it changing fuel pumps and other things. There were three or four individuals working on the car when I got there. All of them were totally baffled. I walked outside, phoned the number and code and walked back into the workshop, for extra fun I took the key out of the ignition, closed the driver's door and manually locked and opened the door with the key and then started the car. They were dumbfounded. I let them in on the secret after that. However, that system has since been banned from being placed in motor cars.

  • pages:
  • 1