McAfee Says Hackers Pose Threat to Cars
Hackers have a potential field day with so many embedded computer chips in cars that allow information to move to and from the vehicle, a new report cautions. The report, “Caution: Malware Ahead,” released yesterday by security software producer McAfee, mobile software provider Wind River, and embedded security maker Escrypt, details scenarios of research-based hacks.
Last year, University of Washington and University of California, San Diego, researchers showed that a vehicle’s critical safety components can be hacked if physical access to the passenger cabin’s electronic components is available. Using “CarShark” software they developed, they were able to hack into a car using a laptop. More recently, the same team remotely accessed the car’s electronics using Bluetooth. Another research team from the University of South Carolina and Rutgers University showed that by using long-distance RFID (radio frequency identification) readers, hackers can track a vehicle and compromise passengers’ privacy by tracking RFID tags used in tires.
As the McAfee report details (PDF):
Going one step further is to combine the CarShark attack and weaknesses of Bluetooth implementation in cars. Once the attacker guesses the Blue-tooth PIN, the attacker could mount the CarShark attack. Other wireless devices like web-based vehicle-immobilization systems that can remotely disable a car could be manipulated in these situations as well. The immobilization system is meant to be a theft deterrent but could be used maliciously to disable cars belonging to unsuspecting owners.1
“As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases. Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety,” said Stuart McClure, senior vice president and general manager, McAfee.
Automotive World gives the following examples:
The new report examines risks associated with cybercriminal activity including remotely unlock and start car via cell phone; disable car remotely; track a driver’s location, activities and routines; steal personal data from a Bluetooth system; disrupt navigation systems; and disable emergency assistance.
“The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise,” said Georg Doll, senior director for automotive solutions at Wind River.
Stefan Goss, a professor of automotive technology at Osfalia University of Applied Sciences, told CNET.com’s Roger Cheng: “I expect a new chapter of car security in the next two car generations.”
Image by McAfee, used under Fair Use: Reporting.