Monday, March 5, 2012

Could hackers seize control of your car?

(CNN) -- When car companies begin exhibiting at mobile phone shows, it's a sign that the "connected" vehicle has truly arrived -- allowing us to take our digital lives with us as we hit the highway.

But while Ford's unveiling of its latest car at Mobile World Congress -- a major cell phone industry event -- this week may have heralded a new automotive age, it also heightens fears that our technology-crammed cars could be hijacked by hackers.

Just like our PCs and smartphones, the computerized components that have infiltrated almost every aspect of modern vehicles could potentially be broken into, experts say. Only, with a car, this could have far more dangerous consequences.

"We typically don't drive our smartphones at 80 miles an hour," said Brian Contos, security strategist at technology protection firm McAfee. "But safety concerns and privacy concerns all culminate when you talk about automobiles."

Ford isn't alone in integrating mobile phone technology into its cars.

While its networked B-Max compact and its prototype Evos were big hits at the Mobile World Congress in Barcelona, also on display was a BlackBerry-embedded Porsche 911 and a Toyota with an integrated Samsung phone application.

Read more about Ford's tecnhology-filled car

Almost every vehicle manufactured in the past few years is hardwired with computer circuitry in some way, from simple entertainment units to sophisticated safety systems that can control braking and acceleration.

And technology continues to advance. Google is working on a driverless car project that, in allowing complete control of the vehicle to be handled by computers, could reshape the future of motoring.

With onboard systems capable of preventing crashes or summoning help after accidents, vehicles have arguably never been safer.

But in-built links to cell phones, Bluetooth or even low-range radio transmitters serve only to heighten the possibility that this technology can be turned against us.

So far, such attacks have been largely academic. Last year computer scientists at the University of California, San Diego and University of Washington reported they were able to gain remote access to the safety systems of a "moderately priced sedan" using an audio CD infected with a virus.

"Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack," they argued in a report to the U.S. National Academy of Sciences. They warned of "financially-motivated scenarios" under which an attacker might exploit these weaknesses.

There have been a few real-life examples, such as the disgruntled ex-employee of a firm providing web-based vehicle-immobilization systems who reportedly managed to disable 100 cars in Austin Texas in 2010.

"The nightmare scenario is 100 cars on a bridge and 50% of them hit their brakes and 50% hit their accelerators," added Contos. "Just the amount of collision that something like that would cause with a remote attack, that's pretty scary stuff."

Another possibility envisaged by Contos is hackers using radio waves to trigger a tire pressure warning. "And then what happens? The logical person would pull over and check their tires, and what a great way to carjack somebody."

Contos, whose company has compiled a report highlighting vehicle cyber security issues, also suggests that the most likely motive for such an attack would be financial, but could simply be the work of hackers trying to wreak havoc for the sake of it. Terrorism could also be a factor.

"A lot people say there's no such thing as cyber terrorism because it doesn't have the shock and awe value of blowing up a car or something of that nature. Well something like (causing a major collision) would have that."

Then there are the concerns over privacy. In downloading personal information into our cars we may help them navigate to our favorite coffee shops or check our diaries, but we also make them targets for data thieves.

For many in the auto industry, the question is currently one of balance: whether the benefits of technology outweigh the problems with security.

Read more about mobiles and medicine

"I don't think this is a situation that's unique to the car industry," said motoring journalist Carlton Boyce. He suggests that handing more computerized autonomy to our vehicles is inevitable in an increasingly traffic-clogged world. This, he says, is something consumers are happy with, and will benefit from in the long run.

"The risks are probably smaller than putting everyone in charge of two tons of metal and letting them drive at 80 miles an hour," he said.

Vehicle manufacturers themselves are not blind to the problem. Bill Ford, great grandson of Model-T creator Henry Ford and now the auto giant's executive chairman, says he traveled to Barcelona this week partly to address security concerns.

"That's one of the issues we're going to have to work out as we go along and that's why we're here, to talk to the mobile providers because they're already facing many of those security issues," he said. "For now, what we're working with is opt-in; you can opt-in with how much you're comfortable with."

He added: "Your car can know where you are at any moment and that's great for safety reasons, but the downside of that potential is someone knows where you are every second, and that's something we're going to have to work through."

This won't be easy, says Contos. With vehicles taking up to three years to develop, he says manufacturers will struggle to keep abreast of rapidly-evolving threats unless they organize regular software updates.

Instead, he says, any installed technology should be given a so-called "white list" of permissible activities beyond which any procedures are blocked.

Another option, of course, is to return to driving jalopies whose only concession to technology is a crackling AM radio. But, adds Contos, this isn't a route most drivers are prepared to take.

"People aren't going to go back to driving the Model T any more than they're going to go back to rotary telephones because of the risks on smartphones," he said.


Source

No comments:

Post a Comment