Think of it as carjacking for the Digital Age.
The increasingly sophisticated systems running a car may lead to new vulnerabilities, according to a study (PDF) released today from security software provider McAfee in partnership with mobile software provider Wind River and embedded security provider Escrypt. Those systems could allow hackers to take control of the car, track its location, and even access devices that are connected to it, including smartphones and tablets carrying valuable personal data.
The potential threat comes as hackers have increasingly shown a willingness to attack companies, government officials and agencies, and even Hollywood. Hacker groups such as Anonymous have caused headaches as they have stolen and released private information.
Those same threats could arrive in your car soon. Increasingly, the wireless industry is looking to put more connected devices into vehicles, allowing them to monitor the safety system and condition of the engine, as well as deliver games and videos to passengers.
“As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases,” said Stuart McClure, an executive at McAfee. “It’s one thing to have your e-mail or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”
The study highlights examples of test cases where security experts from universities around the country were able to shut down cars by hacking into a remote disabling system, use a tire’s radio frequency identification system–designed to monitor the tire pressure–to track the location and activity of a driver, disrupt emergency assistance and navigation services, and hack into the critical safety system of a car. Another study used a Bluetooth connection to steal personal data.
“The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them,” said Georg Doll, senior director for automotive solutions at Wind River. “Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”
The automotive industry has a mixed record when it comes to getting in front of security threats. The study noted that the first remote keyless entry systems didn’t use any security and were easily compromised, and that regular learning universal remote controls were able to record the key signals of different cars.
“Vehicle makers have to solve the conflict of implementing [a] security mechanism without losing customers’ acceptance,” said Stefan Goss, a professor of automotive technology at Osfalia University of Applied Sciences. “I expect a new chapter of car security in the next two car generations.”