CyberAuto Challenge Helps Expose Car Security Flaws
The Battelle CyberAuto Challenge encourages students to pursue cybersecurity careers.
Today's cars have grown vulnerable to the threat of computer viruses or hackers — security researchers have even shown how to remotely unlock a vehicle or start a car's engine using simple text messages. But a group of U.S. students who attended the first Battelle CyberAuto Challenge could represent the first among many new cybersecurity professionals needed to defend against such dangers.
A select group of 24 high school and college students earned the chance to learn about cybersecurity challenges for cars alongside representatives from the U.S. Department of Defense, Department of Transportation and the Detroit Three automakers, during the week of Aug. 13-17. Battelle — a nonprofit research organization headquartered in Columbus, Ohio — wants the students to use the experience and connections in their future cybersecurity careers.
"The point of this is to educate the next generation workforce by giving them tools to understand computer design," said Karl Heimer, senior research director of the Cyber Innovation Unit at Battelle. "We chose a platform we thought would be engaging. The fact that it's a car is because cars are cool."
Protecting car systems against cyberattacks gets trickier if tomorrow's cars become fully driverless like Google's self-driving prototypes. Many cars already have cruise control and even self-parking modes, but giving computers more control adds to the possible danger from viruses or hacking attacks. [Why America's Love Affair with Cars Is No Accident]
Many future cars may also "talk" wirelessly with one another, traffic control systems, and a growing array of smartphones, tablets and other gadgets. That growing network also opens up cars to new risks from cyberattacks.
Researchers have already shown that they can take over a modern car's computer system with "Trojan horse" CDs, hack into a police car's live video feed, and even locate, unlock and turn on a car's engine using text messages. That adds urgency to the CyberAuto Challenge's goal of inspiring students to pursue cybersecurity careers.
One of the CyberAuto Challenge sessions taught the students how to (legally) reverse engineer a car's systems to find potential problems or as a basis for improving the car's design. Students also had the chance to work alongside a forensics car company that helps law enforcement pull information from vehicles.
"We're not teaching them specific technical things like 'When you see this code in this car, it means this,'" said Tiffany Rad, cybersecurity engineer at Battelle. "It's more about understanding how the system works so that they can make recommendations to help design more secure vehicles and platforms."
But giving students the knowledge to tackle cybersecurity threats represents just half the battle. Rad and her Battelle colleagues also want to teach the students about the moral and legal responsibilities of the job — such as how to responsibly alert companies about their newest technology having a security weakness.
"If we find anything that's weak, we would give that to the vendor and give them an unlimited amount of time [to figure out a solution]," Rad explained. "We're not going to post it on Facebook or present it at a conference."