You’re probably aware that a virus can attack your home computer, but what about the computers in your car? Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available. Other researchers have shown that it’s possible to track a vehicle and compromise passengers’ privacy by reading its radio-frequency identification (RFID) tags using powerful long-distance readers. Now McAfee, Wind River and ESCRYPT have teamed up to release a new report on the issue, and it is eye-opening.
Called “Caution: Malware Ahead,” the analysis of emerging risks in automotive system security examines the electrical systems that have become commonplace in today’s cars. These embedded devices are used in almost all areas of automobiles, including airbags, radios, power seats, antilock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication.
“As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases,” says Stuart McClure, senior vice president and general manager of McAfee. “Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised, but having your car hacked could translate to dire risks to your personal safety.”
The automobile industry frequently adds technologies that deliver new conveniences, such as Internet access and the ability to further personalize the driving experience. Consumers want to stay connected, even in their cars, and that motivates manufacturers to increase integration between cars and consumer devices such as smartphones and tablets. However, in the rush to add features, the report claims security has often been an afterthought. The report highlights examples of how automotive systems have been compromised.
That means criminals could remotely unlock and start your car via cell phone, or even disable your car remotely, leaving you defenseless. Other real threats include tracking your location, activities and routines, and stealing personal data from your car’s Bluetooth system.
“As the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities,” says Georg Doll, senior director of automotive solutions at Wind River. “The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”
