Can your Car be Hacked?
You might be behind the wheel, but increasingly, computers control your car’s every function.
Microprocessors direct braking, acceleration and even the horn these days. “Because they are hidden, people don’t often understand that there can be anywhere from 30 to 40 microprocessors in most cars and even up to 100 different ones running different functions in some vehicles,” says Stephan A. Tarnutzer, chief operating officer for DGE Inc., which provides electronic designs and consulting for auto manufacturers and suppliers.
But could a hacker compromise these systems? Recently, several news reports have raised the issue of car-hacking risks, including:
- Vehicle disablement. After a disgruntled former employee took over a Web-based vehicle-immobilization system at an Austin, Texas, car sales center, more than 100 drivers found their vehicles had been disabled or their horns were honking out of control.
- Tire pressure system hacking. Researchers from the University of South Carolina and Rutgers University were able to hack into tire pressure monitoring systems. Using readily available equipment and free software, the researchers triggered warning lights and remotely tracked a vehicle through its unique monitoring system.
- Disabling brakes. Researchers at the University of Washington and University of San Diego created a program that would hack into onboard computers to disable brakes and stop the engine. The researchers connected to onboard computers through ports for the cars’ diagnostic system.
Is your car at risk? The potential for car hacking is real, although there may not be a financial incentive for hackers to focus on autos just yet, say the experts. “All the malware attacks consumers are faced with every day have financial motives behind them,” says Ryan Smith, a principal researcher with Accuvant Labs who finds vulnerabilities in computer systems.
Most of the danger right now may come from hackers who want to demonstrate their prowess and enhance their reputations, says Tarnutzer. And the increased reliance on wireless systems — such as the tire pressure monitoring system — makes your car more vulnerable to these attacks, says John Bambene, a security researcher with the Internet Storm Center, the global cooperative community that monitors cyberthreats.
Protect your car from hacking Security is largely in the hands of auto manufacturers, who are working to address concerns. In the meantime, you can take these steps to protect your vehicle:
- Ask about wireless systems. Familiarize yourself with the wireless systems if you’re purchasing a new car, advises Bambenek. For a car you already own, you can review your manual or check online. Find out if any of the systems can be operated remotely.
- Ask about remote shutdown. If you’re financing through the company from which you purchased the vehicle, ask about remote shutdown related to repossession. Make sure the seller has security measures in place that control access to the system.
- Go to reputable dealers and repair shops. It’s possible for unscrupulous garages to manipulate your car’s computer systems, making it appear you need repairs that aren’t actually warranted. Don’t cut corners when it comes to choosing a dealer or repair shop.
- Protect your information. Of course, locking your car is always wise. And if you use OnStar — the GM-owned auto security and information service — make sure you don’t leave OnStar-related documents or your password in the car, says John Luludis, president and co-founder of Superior Tech Solutions, an IT provider, and a former car industry tech executive. Since OnStar can remotely shut off your engine if you report the vehicle stolen, there’s the potential for mischief if your password falls in the wrong hands.
- Be cautious about after-market devices. After-market car systems may not be as rigorously tested or designed, opening you to vulnerabilities, says Tarnutzer.
Luludis compares the use of computers in cars to the development in our use of personal computers. Hacking exploded when the Internet evolved, making it easy to access computers via networks. Wireless connections mean your car is no longer a closed system. “Once you have connection to vehicles, you have an entry point for people to try to access,” says Luludis. “The only thing standing in their way now is a standardized piece of software. It’s a concern we need to address.”
Source: Norton Cybercrime News February 2015