Thursday, September 2, 2010

The new car "jacking"? Car "hacking"?

Have you bought a new car lately?  You probably have more computing power under the hood then your first home computer had!  With the complexity of the computer systems and logic in your automobile comes a potential for hacking.  Just like you needed some new thing to worry about!  

Technology gizmos and gadgets typically outpace "security".  My theory, which is also shared by some of my colleagues, is that the provider of the gadget (Facebook, Iphone, Droid, Laptop, Car) has a very tight delivery cycle.  In addition, some companies seem to find that their best way to learn about design flaws with new gadgets is by releasing the product.  They learn from how their customers use it and then, eventually, how it is exploited.  Perhaps if a company tried to imagine every iteration of use and exploit before deploying, the product may never make it to market.  

So, could someone take control of your car to steal it, cause the driver harm, convince the driver to pull over for "urgent maintenance" or ruin the car?  According to some experts, the answer is yes but heavily caveated - cars are still relatively safe from criminal hackers but the flaws found during recent tests are something that should be addressed.   For starters, they would need to physically connect into the computer systems under your car's hood,  or hack into networks such as General Motors' OnStar, or have very close access to your car to carry out any evil deeds.  

See the sources posted at the bottom for more information.

According to the POPSCI article, a team of scientists at the University of Washington and University of San Diego was assembled to see what they could hack.  The research team wrote their hacking code, affectionately called "CarShark", and accomplished these tasks:
-turned off brakes in a MOVING car
-changed the reading on the speedometer
-blasted the radio volume
-turned the heat up high
-locked passengers inside the car

In another study, scientists from Rutgers University and University of South Carolina, were able to hack into a car's computer system, take over the wireless tire pressure system, and sent false low-air pressure warnings to the car.  They did have to travel closely to the target car to intercept the signal and send the false messages.  

Sources:
Blog Post by Bruce Schneier, "Hacking Cars Through Wireless Tire-Pressure Sensors",  August 17, 2010.

Christian Science Monitor Article, "Scientists hack into cars' computers -- control brakes, engine", Mark Clayton, August 13, 2010.

PCWorld Article, "Car Hackers Can Kill Brakes, Engine, and More", Robert McMillan, IDG News, May 13, 2010.

POPSCI Article, "Proof of Concept CarShark Software Hacks Car Computers, Shutting Down Brakes, Engines, and More", Rebecca Boyle, May 14, 2010.  

No comments:

Post a Comment