Skip to main content

Authorities concerned by cyber-security of cars

Federal authorities are growing increasingly alarmed that our automobiles, being ever more computer, Bluetooth, Wi-Fi and satellite connected, could possibly be hacked en masse by enemies of America with bad intent. The nightmare scenarios are unsettling, to say the least.
Posted: December 29, 2011 - 9:17PM
Author: Don Bain

Even now, Colorado is petitioning the Federal government for funds to install a $230 million foam fire extinguishing system in the Eisenhower Tunnel, a major commercial artery across the Continental Divide.

Currently, trucks hauling highly hazardous and sometimes toxic loads are occasionally allowed to use this 1.693-mile long tunnel, which currently has no means of fire response, toxic or otherwise.

This would create the scenario for a horrific disaster, if as Steve Johnson of the Mercury News asserts, our computerized vehicles have become vulnerable to cyber-attacks from terrorists or any insidious adversary – foreign or domestic – with the prerequisite technological knowhow, based on studies by university researchers and security companies.

The very chemicals our industries need to haul about the country could become impromptu IEDs if an enemy could manipulate the vehicles around a truck hauling an explosive load, causing it to stall on a bridge, a dam, a crowded area or even a sensitive point in the power grid – a single RPG could create a highly amplified effect.

One study proved a car's computer controls could be hacked through its Bluetooth, Wi-Fi or OnStar connections, creating the danger cyber-ninjas could take over your car and those around you. They could apply the brakes to some and cause others to accelerate rapidly, causing wrecks and blocking highways. Government, corporate or even savvy civilians could eavesdrop on phone calls. Clever thieves could electronically locate, unlock and start cars for felonious purposes. Even the tire pressure warning could be used to influence a driver to pull over, with predators following or waiting nearby.
Criminal organizations could conceivably even manipulate stock values by targeting a particular brand cleverly, creating the appearance of quality problems in the lineup. Once the stock is low, they buy it up cheap and the problems disappear, moving shortly into another manufacturer’s line.

"I can definitely imagine organized crime or potentially even nation-states leveraging weaknesses in these functions to cause different kinds of havoc," said Ryan Permeh, a principal security architect at Intel's (INTC) McAfee division.

Though this is a threat as yet unrealized, it does not diminish the concerns of automakers.

"We are very, very concerned," Chrysler spokesman Vince Muniga told The Mercury News. They are working with computer experts to identify "things that may be vulnerable in the future."

Ford, also "is taking the threat very seriously" and "working to ensure that we've developed a product that is as resistant to attack as possible," said Rich Strader, the company's director of information technology, security and storage.

The potential problem has not escaped the federal government's attention either.

"The National Highway Traffic Safety Administration is aware of the potential for hackers and is working with automakers to understand what steps can be taken to address the problem," read an official statement, The NHTSA has requested the assistance of the National Academy of Sciences in the matter.

Because of the buyer’s appetite for more technology and connectivity, automakers have been pouring the latest telematic and entertainment systems into their vehicles. Most premium vehicle now have up to 70 computerized systems utilizing microchips from Silicon Valley that give the car “self-awareness” of everything from the engine, transmission and headlights to the cabin temperature, air bags and cruise control. Soon they will even monitor the stress levels, blood sugar and heartbeats of occupants.

More cars can now park themselves and some will even stop automatically to avoid impact at low speeds. It is easy to secure a missile silo or an Army base. It is another thing entirely to secure something intrinsically designed to interconnect devices and people. This simple fact means those with technological savvy, the right equipment and bad intentions might be able to get into the machine’s systems.

Earlier this year, Torque News reported the abuse of an auto dealership system to activate alarms and horns on vehicles in the dealer’s loan folder by a disgruntled ex-employee. Owners were baffled and many had to have their cars towed to diagnose the problem, racking up a major bill. Dealers have such systems for vehicles on payment plans so they can find and unlock them if they have to be repossessed.

One city hired a security verifier who found he had little trouble accessing the in car camera on police cruisers. He reportedly stated, “he was easily able to upload, download and delete files that stored months worth of video feeds."

Further vulnerabilities were found during an August study by the Center for Automotive Embedded Systems Security, a joint effort of UC San Diego and the University of Washington. They discovered thieves could wirelessly command groups of cars, report their GPS coordinates, get vehicle identification numbers, as well as the year, make, model and location of the most expensive. They could reportedly steal them by simply issuing commands to disable the alarms, unlock the doors and even start the engine.

The direction much of the next level of technology is taking involves communication between vehicles to avoid accidents, improve traffic flow and even enable social media. Maybe this will all end up with the cars watching out for each other.

Of course problems always create possibilities as well and soon services like Life Lock will have to keep and eye on your car too. Others will design vehicles that can surreptitiously move hazardous chemicals safely, without being obvious about it.

File this under the principle of unintended consequences.