Skip to navigation
Latest News

Intel sets team on thwarting car hackers

car

By Reuters

Posted on 20 Aug 2012 at 09:07

Cars are already considered "computers on wheels" by security experts. Vehicles are filled with dozens of tiny computers known as electronic control units, or ECUs, that require tens of millions of lines of computer code to manage interconnected systems including engines, brakes and navigation as well as lighting, ventilation and entertainment.

Cars also use the same wireless technologies that power mobile phones and Bluetooth headsets, which makes them vulnerable to remote attacks that are widely known to criminal hackers.

"There is tons of opportunity for attack on car systems," said Stuart McClure, an expert on automobile security who recently stepped down as worldwide chief technology officer of McAfee to start his own firm.

Security analysts fear that criminals, terrorists and spies are gradually turning their attention to embedded computers, many of which can be attacked using some of the same techniques as regular computers.

Car makers are rushing to make it easy to plug portable computers and phones to vehicles and connect them to the internet, but in many cases they are also exposing critical systems that run their vehicles to potential attackers because those networks are all linked within the car.

The manufacturers, like those of any other hardware products, are implementing features and technology just because they can and don't fully understand the potential risks of doing so

"The manufacturers, like those of any other hardware products, are implementing features and technology just because they can and don't fully understand the potential risks of doing so," said Joe Grand, an electrical engineer and independent hardware security expert.

Grand estimates that the average auto maker is about 20 years behind software companies in understanding how to prevent cyber attacks.

Self destruct

Concerns about such possibilities emerged after a group of computer scientists from the University of California and the University of Washington published two landmark research papers that showed computer viruses can infect cars and cause them to crash, potentially harming passengers.

The group chose a fairly banal name, the Center for Automotive Embedded Systems Security. Yet their work is as imaginative as that of Q, the fictional scientist who supplies weapons to British secret agent James Bond.

They figured out how to attack vehicles by putting viruses onto compact discs. When unknowing victims try to listen to the CD, it infects the car radio, then makes its way across the network to more critical systems.

For instance, they came up with a combination attack dubbed "Self Destruct". It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes.

In addition to designing viruses to harm passengers in infected vehicles, the academics were able to remotely eavesdrop on conversations inside cars, a technique that could be of use to corporate and government spies.

1 2

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Oh joy

McAfee running on my car, that's something to look forward to.
Engine permanently running at 7000RPM, but max speed 23MPH.

By Throbinevans on 20 Aug 2012

But seriously though...

There's always a trade-off between the wonderful performance and convenience of programmable electronic systems, and their vulnerability to attack: systemic or catastrophic.

My neighbour won't buy a car with an ECU, preferring old-fashioned non-turbo deisels. His reasoning is that he can physically 'fix' any problems (he's a mechanical engineer), and there isn't a black box to 'blow up' and cost a fortune to replace.

The obvious downside is emissions like a Chinese power station, fuel-economy to match and 'stately' performance.

When not only the ECU, but the entire car is managed \ controlled by programmable electonics you start to add all the security concern raised in this piece. The Toyota FBW throttle problems of a few years ago are indicative of how serious (particularly financially) such issues can be......

By wittgenfrog on 20 Aug 2012

Beemer

Interesting that a BMW has been used for the illustration. A quick search on youtube shows how easy it is to steal one with a laptop and an ODB-II lead.

The problem, interestingly, is apparently competition law. Car manufacturers aren't allowed to encrypt the stuff available at the ODB port, for fear of inconveniencing back street garages.

What a lot of savvy BMW owners have started doing is adding a secret switch, so that the port is normally inactive.

By PaulOckenden on 20 Aug 2012

@PaulOckenden

I though most ECU's are now encrypted, they certainly are on new VWs. You also need to be in the car before you can hook up your laptop anyway.

By stuscott1978 on 20 Aug 2012

@stuscott

Alas not. If you have a browse round the Pistonheads website, there's a very interesting thread where a chap had his Beemer 1M nicked from his drive in full view of his CCTV cameras. A small hole was knocked in the driver's side window - just big enough to get to the OBD port without setting off the car alarm. 4 minutes of tinkering later, the miscreants had hacked themselves a nice new motor.
Lots of people on that thread, including me, have since added a secret switch....

By Throbinevans on 20 Aug 2012

" The problem, interestingly, is apparently competition law. Car manufacturers aren't allowed to encrypt the stuff available at the ODB port, for fear of inconveniencing back street garages."

Alternatively one might argue that it's not encrypted in order to prevent Main Dealers from having a monopoly and ripping off their customers even more.....

It seems BMW's security implementation is at fault, rather than the standardised vehicle diagnosis system.

By wittgenfrog on 20 Aug 2012

@Throbinevans, that secret switch isn't secret anymore though is it? DOH!

By SKINHEAD1967 on 20 Aug 2012

@SKINHEAD1967

Well good luck picking mine out of the millions of beemers on the road today. And if you do find it, and figure out a route around my triple-dastardly secret switch (I work in the security industry, so know a trick or two), then you can have the car with my blessing :)

By Throbinevans on 20 Aug 2012

@Throbinevans

Isn't that sort of statement called "doing a Clarkson"?

By JohnGray7581 on 20 Aug 2012

@johngray7851

Everyone loves a challenge...
That reminds me, must remember to remove the 'press this to win car' sticker off the switch, you never know who might be reading this.

By Throbinevans on 20 Aug 2012

Separation

Why does the computer that runs the entertainment system (CD, MP3 player) and connects to the outside world (GPS, GPS traffic updates over 3G, Bluetooth etc.) need to be connected to the computer(s) that control the engine, brakes etc.?
Is there any reason they can't be completely separate, ie. not physically or wirelessly connected to each other in any way?

Also agree with Throbinevans - I don't want McAfee software anywhere near any car I drive or am a passenger in ;)

By happyskeptic on 23 Aug 2012

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.