Intel sets team on thwarting car hackers

20 Aug 2012
car

Security experts seek to plug holes before it's too late

With computers playing an ever-increasing role in driving cars there's a real concern over hackers taking over control systems – so much so that Intel has put a dedicated team on the case.

In a US garage the security staff search for electronic bugs that could make cars vulnerable to lethal computer viruses.

Intel's McAfee unit is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car.

Security experts say that car manufacturers have so far failed to adequately protect these systems, leaving them vulnerable to hacks by attackers looking to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.

If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening

"You can definitely kill people," said John Bumgarner, chief technology officer of the US Cyber Consequences Unit a research organisation, underlining the potential for targeted computer attacks on networks and products.

To date there have been no reports of violent attacks on vehicles using a computer virus, according to SAE International, an association of more than 128,000 technical professionals working in the aerospace and the auto industries.

Yet, Ford spokesman Alan Hall said his company had tasked its security engineers with making its Sync in-vehicle communications and entertainment system as resistant as possible to attack. "Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset," he said.

And a group of US computer scientists shook the industry in 2010 with a landmark study that showed viruses could damage cars when they were moving at high speeds. Their tests were done at a decommissioned airport.

The computer scientists issued a second report last year that identified ways in which computer worms and trojans could be delivered to cars via on-board diagnostics systems, wireless connections and even tainted CDs played on radios systems.

Widespread impact

They did not say which company manufactured the cars they examined, but did say they believed the issues affected the entire industry, noting that many manufacturers use common suppliers and development processes.

Toyota said it was not aware of any hacking incidents on its cars and said it had built-in protections. "They're basically designed to change coding constantly. I won't say it's impossible to hack, but it's pretty close," said Toyota spokesman John Hanson.

But Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening," he said. "I don't think people need to panic now. But the future is really scary."

A McAfee spokeswoman said that among those hackers working on pulling apart cars was Barnaby Jack, a well-known researcher who has previously figured out ways that criminals could force ATMs to spit out cash and cause medical pumps to release lethal doses of insulin.

Computers on wheels

White hats are increasingly looking beyond PCs and data centres for security vulnerabilities that have plagued the computer industry for decades and focusing on products like cars, medical devices and electricity meters that run on tiny computers embedded in those products.

Read more

News