Wait, Now I Need Security Software For My Car, Too?
from the trojan-brakes? dept
The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry....Happy driving, everyone...
The researchers, financed by the National Science Foundation, tested two versions of a late-model car in both laboratory and field settings. They did not identify the maker or the brand of the car, but said they believed they were representative of the computer network control systems that have proliferated in most cars today.
The researchers asked what could happen if a hacker could gain access to the network of a car, said Tadayoshi Kohno, a University of Washington computer scientist. He said the research teams were able to demonstrate their ability to circumvent a wide variety of systems critical to the safety of drivers and passengers.
They also demonstrated what they described as "composite attacks" that showed their ability to insert malicious software and then erase any evidence of tampering after a crash.
The researchers were able to activate dozens of functions and almost all of them while the car was in motion.
To be fair, the researchers admit that they did not look at what kinds of "defense" the car might have to block such attacks, but they do point out that those developing car computing systems probably don't have as much experience or concern in the security realm. For the most part, this sounds like it's not a problem that anyone's going to face in the short-term. If anything, I'm guessing we'll have a lot more moral panic stories about what will happen before any reports of something bad actually happening. However, at some point, it seems likely that these sorts of stories will pass over from the hypothetical into the real world, and at that point, I'll be looking for a car that runs on open source software.