Intel sets team on thwarting car hackers

By Reuters

Posted on 20 Aug 2012 at 09:07

With computers playing an ever-increasing role in driving cars, there's a real concern over hackers taking over control systems – so much so that Intel has put a dedicated team on the case.

In a US garage the security staff search for electronic bugs that could make cars vulnerable to lethal computer viruses.

Intel's McAfee unit is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car.

Security experts say that car manufacturers have so far failed to adequately protect these systems, leaving them vulnerable to hacks by attackers looking to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.

"You can definitely kill people," said John Bumgarner, chief technology officer of the US Cyber Consequences Unit, a research organisation, underlining the potential for targeted computer attacks on networks and products.

To date there have been no reports of violent attacks on vehicles using a computer virus, according to SAE International, an association of more than 128,000 technical professionals working in the aerospace and the auto industries.

Yet, Ford spokesman Alan Hall said his company had tasked its security engineers with making its Sync in-vehicle communications and entertainment system as resistant as possible to attack. "Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset," he said.

And a group of US computer scientists shook the industry in 2010 with a landmark study that showed viruses could damage cars when they were moving at high speeds. Their tests were done at a decommissioned airport.

The computer scientists issued a second report last year that identified ways in which computer worms and trojans could be delivered to cars via on-board diagnostics systems, wireless connections and even tainted CDs played on radio systems.

Widespread impact

They did not say which company manufactured the cars they examined, but did say they believed the issues affected the entire industry, noting that many manufacturers use common suppliers and development processes.

Toyota said it was not aware of any hacking incidents on its cars and said it had built-in protections. "They're basically designed to change coding constantly. I won't say it's impossible to hack, but it's pretty close," said Toyota spokesman John Hanson.

But Bruce Snell, a McAfee executive who oversees his company's research on car security, said the car industry was concerned about the potential for cyber attacks because of the frightening repercussions. "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening," he said. "I don't think people need to panic now. But the future is really scary."

A McAfee spokeswoman said that among those hackers working on pulling apart cars was Barnaby Jack, a well-known researcher who has previously figured out ways that criminals could force ATMs to spit out cash and cause medical pumps to release lethal doses of insulin.

Computers on wheels

White hats are increasingly looking beyond PCs and data centres for security vulnerabilities that have plagued the computer industry for decades and focusing on products like cars, medical devices and electricity meters that run on tiny computers embedded in those products.

User comments

Oh joy

McAfee running on my car, that's something to look forward to.
Engine permanently running at 7000RPM, but max speed 23MPH.

By Throbinevans on 20 Aug 2012

But seriously though...

There's always a trade-off between the wonderful performance and convenience of programmable electronic systems, and their vulnerability to attack: systemic or catastrophic.

My neighbour won't buy a car with an ECU, preferring old-fashioned non-turbo diesels. His reasoning is that he can physically 'fix' any problems (he's a mechanical engineer), and there isn't a black box to 'blow up' and cost a fortune to replace.

The obvious downside is emissions like a Chinese power station, fuel-economy to match and 'stately' performance.

When not only the ECU, but the entire car is managed / controlled by programmable electronics you start to add all the security concerns raised in this piece. The Toyota FBW throttle problems of a few years ago are indicative of how serious (particularly financially) such issues can be......

By wittgenfrog on 20 Aug 2012

Beemer

Interesting that a BMW has been used for the illustration. A quick search on YouTube shows how easy it is to steal one with a laptop and an OBD-II lead.

The problem, interestingly, is apparently competition law. Car manufacturers aren't allowed to encrypt the stuff available at the OBD port, for fear of inconveniencing back street garages.

What a lot of savvy BMW owners have started doing is adding a secret switch, so that the port is normally inactive.

By PaulOckenden on 20 Aug 2012

@PaulOckenden

I thought most ECUs are now encrypted, they certainly are on new VWs. You also need to be in the car before you can hook up your laptop anyway.

By stuscott1978 on 20 Aug 2012

@stuscott

Alas not. If you have a browse round the Pistonheads website, there's a very interesting thread where a chap had his Beemer 1M nicked from his drive in full view of his CCTV cameras. A small hole was knocked in the driver's side window - just big enough to get to the OBD port without setting off the car alarm. 4 minutes of tinkering later, the miscreants had hacked themselves a nice new motor.
Lots of people on that thread, including me, have since added a secret switch....

By Throbinevans on 20 Aug 2012

"The problem, interestingly, is apparently competition law. Car manufacturers aren't allowed to encrypt the stuff available at the OBD port, for fear of inconveniencing back street garages."

Alternatively one might argue that it's not encrypted in order to prevent Main Dealers from having a monopoly and ripping off their customers even more.....

It seems BMW's security implementation is at fault, rather than the standardised vehicle diagnosis system.

By wittgenfrog on 20 Aug 2012

@Throbinevans, that secret switch isn't secret anymore though is it? DOH!

By SKINHEAD1967 on 20 Aug 2012

@SKINHEAD1967

Well good luck picking mine out of the millions of beemers on the road today. And if you do find it, and figure out a route around my triple-dastardly secret switch (I work in the security industry, so know a trick or two), then you can have the car with my blessing :)

By Throbinevans on 20 Aug 2012

@Throbinevans

Isn't that sort of statement called "doing a Clarkson"?

By JohnGray7581 on 20 Aug 2012

@johngray7851

Everyone loves a challenge...
That reminds me, must remember to remove the 'press this to win car' sticker off the switch, you never know who might be reading this.

By Throbinevans on 20 Aug 2012

Separation

Why does the computer that runs the entertainment system (CD, MP3 player) and connects to the outside world (GPS, GPS traffic updates over 3G, Bluetooth etc.) need to be connected to the computer(s) that control the engine, brakes etc.?
Is there any reason they can't be completely separate, ie. not physically or wirelessly connected to each other in any way?

Also agree with Throbinevans - I don't want McAfee software anywhere near any car I drive or am a passenger in ;)

By happyskeptic on 23 Aug 2012

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
