Wait, Now I Need Security Software For My Car, Too?
from the trojan-brakes? dept
Remember a few months ago when a disgruntled ex-employee from a car dealer was able to login to the dealer’s computer system and remotely disable over 100 cars? And, of course, there have been concerns over the ability to use systems like OnStar to remotely disable cars as well, with concerns about what would happen if malicious hackers were able to get their hands on the controls. Now, to add to those concerns, some researchers are reporting that modern day car computing is vulnerable to malicious hacks that could put drivers in danger.
The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry….
The researchers, financed by the National Science Foundation, tested two versions of a late-model car in both laboratory and field settings. They did not identify the maker or the brand of the car, but said they believed they were representative of the computer network control systems that have proliferated in most cars today.
The researchers asked what could happen if a hacker could gain access to the network of a car, said Tadayoshi Kohno, a University of Washington computer scientist. He said the research teams were able to demonstrate their ability to circumvent a wide variety of systems critical to the safety of drivers and passengers.
They also demonstrated what they described as “composite attacks” that showed their ability to insert malicious software and then erase any evidence of tampering after a crash.
The researchers were able to activate dozens of functions and almost all of them while the car was in motion.
Happy driving, everyone…
To be fair, the researchers admit that they did not look at what kinds of “defense” the car might have to block such attacks, but they do point out that those developing car computing systems probably don’t have as much experience or concern in the security realm. For the most part, this sounds like it’s not a problem that anyone’s going to face in the short-term. If anything, I’m guessing we’ll have a lot more moral panic stories about what will happen before any reports of something bad actually happening. However, at some point, it seems likely that these sorts of stories will pass over from the hypothetical into the real world, and at that point, I’ll be looking for a car that runs on open source software.