DEFENSELESS DRIVING: A group of researchers claim that earlier this year they proved a hacker could, among other things, conceivably use a cell phone to unlock a car's doors and start its engine remotely, so he or she could then get behind the wheel and drive away.
Image: COURTESY OF JAAP-WILLEM KLEIJWEGT, VIA ISTOCKPHOTO.COM
-
The Best Science Writing Online 2012
Showcasing more than fifty of the most provocative, original, and significant online essays from 2011, The Best Science Writing Online 2012 will change the way...
Read More »
As if worrying about the vulnerability of your PC and smart phone to hackers were not enough, could your car be the next target? Maybe not today, but engineers are transforming automobiles from a collection of mechanical devices crowded around a combustion engine to a sophisticated network of as many as 70 computers—called electronic control units (ECUs). These computers are linked to one another and to the Internet, making the car a mini mobile data center susceptible to many of the same digital dangers—viruses, denial-of-service attacks, etcetera—that have long plagued PCs and other networked devices.
ECUs manage supercritical, real-time systems such as steering, air bag deployment and braking as well as less critical components including the ignition, lights and infotainment console. Software (sometimes up to 100 million lines of code) tells these ECUs what to do and when to do it. ECUs tend to share networks when they communicate with one another. This makes it easier to control more networked gadgets (GPS, MP3 players and more) from the same place, such as the center of the steering wheel. The problem comes when infotainment and other nonessential components share the same network with the brakes, steering and other safety-critical devices.
So says a group of researchers who claim that earlier this year they proved a hacker could, among other things, conceivably use a cell phone to unlock a car's doors and start its engine remotely, so he or she could then get behind the wheel and drive away. Stefan Savage, a computer science professor at the University of California, San Diego, and Tadayoshi Kohno, an assistant computer science and engineering professor at the University of Washington in Seattle, inserted malicious software onto a car's computer system using its Bluetooth and cell phone connections. (They decline to specify which brand of car.) They presented their work in March at the National Academies Committee on Electronic Vehicle Controls and Unintended Acceleration.
Savage, Kohno and their colleagues have for the past few years studied cyber attacks against automobile networks. Earlier experiments used a laptop plugged into the federally mandated On-Board Diagnostic system (OBD–II) port under a test car's dashboard to take control of its ECUs to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver's actions (pdf).
This research "shows the need for security measures in vehicular onboard networks," says Olaf Henniger, a researcher at Germany's Fraunhofer Institute for Secure Information Technology. "Wireless communication can be eavesdropped, jammed or relayed, and automobile security measures are necessary."
Henniger and his colleagues are working to create just that. He is a member of Europe's E-Safety Vehicle Intrusion Protected Applications (EVITA) project, launched in July 2008 with the help of BMW Group, Fujitsu and others to develop a security blueprint that carmakers can follow to build more secure onboard networks. The project, scheduled to wrap up at the end of the year, is focused on protecting vehicle-to-vehicle and vehicle-to-infrastructure communication designed to prevent traffic accidents. Researchers have already created prototypes of specialized hardware security modules that would encrypt or authenticate data exchanged within the car, with other cars and with the equipment on the roadways themselves. A follow-up project launched in February called Preparing Secure Vehicle-to-X Communication Systems (PRESERVE) will use EVITA's specifications to create standardized security hardware that would be less expensive to implement.
Whether car companies are willing to invest in the additional security remains to be seen, says Anup Ghosh, a research professor and chief scientist at George Mason University's Center for Secure Information Systems. Automotive engineers have limited budgets just like everyone else, and it is easier and less expensive to have multiple devices plug into shared networks, he adds.
Many manufacturers say their vehicles are already safe. Ford, whose SYNC system was co-developed by Microsoft and introduced in 2007, has a built-in firewall to protect against network attacks and separates its vehicle control network from its infotainment network, says Rich Strader, director of Ford's Information Technology Security and Strategy practice. SYNC also uses encryption and wireless security protocols, and the car company encodes its software updates so that SYNC knows these updates are coming from a trusted source rather than a hacker, according to Strader.
Mobile apps that can be downloaded to smart phones for remotely starting a vehicle's ignition, unlocking doors and other functions are also seen by some as a potential cyber security threat. Once that phone is paired with the car via Bluetooth, it becomes a part of the car's network, Ghosh says. If a hacker were to get control of that phone (perhaps through a virus downloaded from the Web), that person might then be able to gain access to the vehicle to which the phone is paired, he adds.
As a security measure, GM's OnStar MyLink is a mobile application that never communicates directly with the car, says Vijay Iyer, director of public affairs and corporate communications for OnStar. Instead, the app connects to OnStar's network, which requests user authentication via a PIN. If approved, the network then communicates with the car to perform functions such as unlocking doors or starting the ignition.
Savage, Kohno and their colleagues have been careful to point out that their success was the work of several years of experimentation and does not mean that cars are suddenly vulnerable to network attacks. Still, it seems the unending chess match between hackers and security programmers has found a new playing field.
See what we're tweeting about
10 Comments
Add Commentrisk assessment gone wild - please! Next, hackers will get into my internet connected TV and buy porn. Let's try and keep this stuff reasonable and not scream headlines of doom. While these scenarios are possible it doesn't make them probably, ie, it is possible a hugh asteroid will strike the earth, it has a low probability of occurance.
Reply | Report Abuse | Link to thisActually, if you view it as value for effort, what's more useful to an attacker, gaining access to your PC or your car? It took years for crackers to figure out how to make money by attacking a PC... most still don't make anything for all their efforts. But, a phone app that can be used to steal a car? There's a pretty established profit motive. As with PC attacks, it only takes one highly intelligent person to package an attack, even a very complicated one, into an easy-to-use tool and it's now live to the cracker community, crooks, dolts, and all. If it can be done, it will be. Further, once it's done... just how can people stop it? A software upgrade done in the shop through an expensive recall is about the only way. If I were an automotive manufacturer, I'd be taking this very seriously. Even one proof-of-concept attack on a particular car could cost the manufacturer millions. Would you buy a car that some reporter just drove off without a key on the evening news?
Reply | Report Abuse | Link to thisAnd, you know... that hack the TV to buy porn thing might just take off too :) It's certainly more probable over the next few years than that asteroid.
The headline seems alarmist, and doesn't seem to match the information in the article. If someone has access to the OBD port under the steering wheel, they have already got through the physical security of the car. It's no different from someone crawling underneath and ruining my brakes.
Reply | Report Abuse | Link to thisBeyond that, there are products out there that make good use of the OBD port to provide useful information about the status of the car's operation and possible upcoming trouble issues. Quite naturally, this can be used for evil purposes if I allow someone with ill-intent access. Why would I?
I doubt that a software upgrade has to be done in a shop. If a hacker can just break into a car passing by, then you can also protect against the hack in the same way. For all we know, it might have already happened. Anyone notice strange antennas with GM logos at intersections?
Reply | Report Abuse | Link to thisBreaking into a car is child's play. I can break into some cars in under 10 seconds. My favorite is breaking the passenger window out of a car warming up in the winter, but that doesn't need a hacker, now does it.
Reply | Report Abuse | Link to thisLOL everything that has a computer in it can be hacked. There will always be bad apples but now to committ a crime you have to be smarter that you did 10 years ago.
Reply | Report Abuse | Link to thisYou have it backwards, now you must be smarter to keep people from committing crimes against you. For instance, the Nigerian scam is still working - in big numbers on Facebook. Why? Because there are many new users without street smarts online. They're easy pickings. As far as stealing a car goes - the old school - tried and true methods still work - ok maybe now you may need to disconnect the GPS - that's no harder that hot wiring was a few years back.
Reply | Report Abuse | Link to thisIn a world of artificial intelligence (AI) designed by hucksters, you could imagine your new car locking you in, driving you to a specific store, and refusing to take you home until you buy something. The fact that Sciam's own comment boards are so heavily polluted by spam suggests this is likely. But it gets worse.
Reply | Report Abuse | Link to thisWhile a person may be smart, collectively, human beings are as intelligent as any other herd animal or perhaps less so. No other species will hunt its prey to extinction, poison its own food, water, and air supply, or murder its fellows at serious risk to itself and its offspring merely because a few other members its herd thought that was a good idea.
AI systems must be designed and programmed by an organization of human beings because the amount of work involved is more than one person could accomplish in a lifetime.
This brings us to requirements, the first part of the software development lifecycle.
The necessary requirements that are missing from this mix are those that require the system to be sane and ethical. These requirements should be codified into law.
Sanity means that mission critical components must be:
1. constrained to operate within sane limits
2. redundant enough to self-enable fault detection
3. independent enough to withstand faulty information from other components and still do their duty to protect the overall system from destruction
Ethical means that the whole system must be designed to:
1. protect people whether they are operating the system or anywhere within the operating environment of the system
2. serve the people who are operating it with honesty and transparency
Obviously, using a common network protocol to connect mission critical components in a mobile automated system that can run people down and crash into things will not meet the above requirements. If a spurious data stream can get in, it will get in.
Most PCs and handheld communications devices can tolerate sloppy design because they're not likely to do anything physical...at least not yet. If they get hacked that's bad but usually nobody dies.
As automated systems become mobile, we'll need a paradigm shift starting with some essential requirements to keep these systems sane and ethical. And because of the potentially catastrophic effects that may ensue as these systems grow in power, unlike modern-day requirements that can be fast and loose, life and death requirements must be a matter of international law and careful deliberation.
Really? Police break down doors looking for child porn downloaders all the time and quite often find out that it is a neighbor stealing the internet connection of their next door neighbor, or in other words using your internet connected tv to download porn. Not too hard to do if you do not protect your networks.
Reply | Report Abuse | Link to thisI find it humorous that Ford is saying their car networks are safe based on collaboration with Microsoft fire-walling ......Lord knows Microsoft systems have never been hacked before.
Reply | Report Abuse | Link to thisYou know cars have had computers on them since the 80's and it used to be that these type of systems specialized in doing what they do with minimal code and hardware to cut down on catastrophic problems. Guess that is out the window now.