An Apple iPad is seen integrated into the Jaguar XJ Ultimate, the most luxurious Jaguar sedan ever made ($515,000), as shown in a Hong Kong showroom in May 2012. Some observers wonder if all that computer horsepower opens autos to malicious hacking. REUTERS/Bobby Yip
Rick Perine, vice president of the Mesa (Ariz.) Police Association, agrees that a hacker could stop police in their tracks. "We use a GPS map in our vehicles that's constantly updated," he explains. Among other things, "it relays to our dispatch where our patrol unit is, Hacking into our GPS could put me in the wrong part of town and another officer dispatched to a different part of town, which puts me in danger."
The use of an after-market product is the most likely way for a hacker to take over a vehicle fleet, says Andr Weimerskirch, CEO of Escrypt Inc., a provider of embedded security systems based in Ann Arbor, Mich. "If you own a business and you use after-market products to equip your fleet with GPS, for example, it's important to look at the details in terms of security."
After-market products work similarly to remote-control car engine starters marketed to consumers through retail stores, says Weimerskirch. "Remote control starters work by undermining the theft protection mechanism in the car. This opens the door for anyone to steal your car."
A clear, but not yet present, danger
"We can remotely stop the brakes on a car from 1,000 miles away, but it's not a clear and present danger today," Savage explains.
Doing this kind of a hack requires a large investment of time and money. "You need to buy the kind of car you want to hack," says Savage. "You have to be really motivated to do this; it's not something someone will do as a hobby. Because of the time and money involved, I don't think it's an imminent problem."
We liken this increase in connectivity to the desktop computing world before the Internet: Security vulnerabilities on disconnected machines suddenly became very important when computers were networked together. Franziska Roesner, Researcher, University of Washington
Although hacking into fleets may not present an immediate danger, manufacturers are taking this research seriously, says Savage. "Every manufacturer we are aware of is putting substantially more research into security than they have in the past. The challenge is they've never had to think about this before at all."
The good news is that car manufacturers can ramp up very quickly by adapting the same techniques as those used with PCs, such as finding latent security vulnerabilities, implementing data execution prevention and other measures, says Savage. "Some things will [require] standardization to make them economically feasible," he says.