Car-hacking: Bluetooth and other security issues

It's not time for full-on panic, but researchers have already successfully applied brakes remotely, listened into conversations and more.

By Linda Melone, Computerworld |  Security

ECUs measure the oxygen present in exhaust fumes and adjust the fuel/oxygen mixture before combustion, which improves efficiency and reduces pollutants. Over time these systems have become integrated into nearly every aspect of a car's functioning, including air bag deployment, steering, braking and other real-time systems.

In the mid-1990s car manufacturers began integrating more powerful ECUs with peripherals such as GM's OnStar system, which is a combination GPS, emergency response unit and vehicle recovery system. An OnStar-equipped car can analyze its on-board diagnostics as the car is being driven, detecting problems and alerting the driver to any issues that require a visit to the repair shop.

These ECUs connect to one another and to the Internet, making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.

"The Austin case is a fairly particular case in that they had an add-on system that specifically gave them the ability to wirelessly immobilize the cars," says Stefan Savage, professor in the department of computer science and engineering at the University of California, San Diego. "It's not a standard feature on most automobiles."

AT&T exhibitors show off the new Ford Focus Electric car at the CTIA Conference in New Orleans in May 2012. The MyFord Mobile system will connect through the AT&T wireless network, which allows car users to remotely access the car using standard wireless technology, according to Ford. Some security experts wonder if standard wireless hacking techniques will become a problem. REUTERS/Sean Gardner

Generally speaking, these types of systems are there to disable the vehicle in the event of theft and enable their eventual recovery, says Savage. "This was not a case of hacking into a system or creating new functionality that didn't exist before," he explains. But that's not to say it can't be done. "In our research we demonstrated taking over a car through a software vulnerability and creating a completely new piece of functionality that did not exist before," he says.

GM's OnStar service, which also helps recover stolen vehicles, is currently the only vendor advertising that capability as a standard feature, says Savage. "However, the set of cars for which a clever adversary could create a new capability to shut down the car is likely quite a bit larger."

Motive behind the madness


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness