Your Computerized Car Could Fall Prey to Hackers
A car dealership near Dresden, Germany.
If you've just bought one of those brand-new, ultra-modern, computerized vehicles, congratulations! Security experts say your car could be vulnerable to hackers the same hackers who try to gain access to computers, tablets and mobile devices.
Security expert Paul Lubic told SecurityNewsDaily that we're entering what the auto industry calls the age of the "connected car" a vehicle that is connected wirelessly to the Internet, has its own Wi-Fi network and can stream high-definition movies.
Lubic said these features will be powered by 3G or 4G cellular modems, an onboard Wi-Fi router and a computer that's probably more powerful than a home PC.
But there's a catch to all this automobile automation.
"This scenario is another opportunity for hackers to cause problems," Lubic said.
Hackers could use the wireless connectivity to take control of the vehicle's onboard computer, which controls the engine speed, the brakes and the door-locking system, Lubic said.
That hasn't happened yet in "the wild," but last year, security researchers from the University of California and the University of Washington hacked into the onboard computers of several vehicles and disabled the brakes, changed the speedometer readings, shut the engine off, locked passengers into the cars and more.
And just last week at the Black Hat Technical Security Conference in Las Vegas, two private security researchers were able to tap into a Subaru's cellular-network-based security system. With a specially crafted text message , they were able to unlock and start the car remotely.
The California and Washington researchers said they were able to "bypass rudimentary network security protections within the car" and "adversarially control a wide range of automotive functions and completely ignore driver input including disabling the brakes, selectively braking individual wheels on demand, stopping the engine and so on."
The researchers were also able to compromise a vehicle's security through wireless interfaces such as Bluetooth and audio files.
According to Lubic, vehicle manufacturers in the U.S. are aware of these vulnerabilities and are developing strong encryption protocols for vehicle-to-vehicle and vehicle-to-device communications. Encryption would stop, or at least delay, a hacker's ability to control the vehicle's computer.
Lubic added that the U.S. Department of Transportation plans to test the new vehicles to make sure they're hacker-resistant.
"If you're planning on buying one of these connected cars in the future, be aware of this threat and find out if the encryption has been put in place, or if the manufacturer has implemented any security mitigation to stop possible hacking," Lubic said.
If such measures haven't been taken, hold off on buying that computerized vehicle until it has been properly secured and then wait a couple of more months for any leftover bugs to be found and patched.