NMA Article: Auto Hacking: Should You Be Concerned?
By Eric Peters, Automotive Columnist
Many new cars are as “wired” as a home office — with onboard GPS navigation and communication systems and wireless communications networks using cellphones and Bluetooth technology.
The question on some people’s minds is: Can a modern car’s onboard electronics be “hacked” or infected by a computer virus introduced through a wireless device that might corrupt or even disable its expensive onboard systems?
So far, the answer seems to be no.
Bluetooth short-range wireless communication technology — which among other things enables drivers to access their cell phone and PDA-based address books with their in-car phones — was tested recently to see whether a virus could be introduced into a vehicle’s onboard electronic systems.
A Toyota Prius hybrid — one of the most intensively “wired” vehicles currently on the road — was used for the test. Researchers with the Finnish computer security firm, F-Secure tried to introduce multiple versions of the Cabir virus — which targeted cell phones and PDAs — into the Prius via Bluetooth wireless interaction with the car’s onboard systems.
After repeated attempts, all attempts at infection failed to affect the Prius.
“No matter what we did the car did not react to the Bluetooth traffic at all,” said F-Secure’s Jarno Niemela. In fact, the researchers weren’t even able to get the Cabir virus into the car’s operating systems when they used a special program to transfer the file.
These tests confirmed Toyota’s insistence that claims its vehicles are susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded — at least so far.
Why the caveat? Because many computer experts believe the very nature of the electronic communication technology being fitted to new cars (some of it based on a form of Microsoft windows) may make it as vulnerable to hackers as any desktop, PDA or smartphone that’s connected to or communicates with the online world — especially the wireless online world.
F-Secure’s director of anti-virus research Mikko Hypponen says “computers are listening to radio traffic all the time. Even though you can safeguard a (wireless network) with a firewall and can turn Bluetooth to hidden mode, if you have a weakness in the wireless network or Bluetooth driver the weakness can be exploited.”
GM’s OnStar concierge system has also not been affected by a computer virus — so far. But as with Bluetooth, the system is theoretically vulnerable. OnStar uses cellular and GPS technologies to perform multiple functions — everything from “real time” directional/roadside assistance to help finding a gas station to unlocking a vehicle’s doors remotely if the owner accidentally leaves them in the ignition before inadvertently closing the door.
In theory, if a hacker manages to penetrate the OnStar system, he might be able to unlock your car’s doors without a key — and without you ever suspecting a thing until you come back from shopping to find your car’s been emptied of its valuables. Or stolen outright.
OnStar representatives claim protocols are in place to prevent viruses from corrupting their system, but while these have been successful so far, industry experts point out that’s no guarantee of perpetual invulnerability.
To date, the threat has been limited to desktops and laptops (mostly PCs) using wireless technology or connected to the Internet — where viruses are a constant source of worry. But the technology finding its way into cars is not dissimilar — and as with in-car phones and Bluetooth, these devices increasingly communicate with each other. And it is this communication that creates the potential vulnerability — the “bridge” over which a future virus may travel from your cell phone, PDA or laptop directly into your car’s electronic brain.
The Prius, for example, uses a proprietary operating system called Symbian — which may be the reason Cabir was unable to do any damage. But even a proprietary system can be hacked if a determined hacker figures out the code and evades built-in firewalls and defenses.
Cars are becoming exponentially more complex with each new model year. Formerly high-end/niche technologies such as GPS navigation systems becoming commonplace features on even modestly priced vehicles such as the Honda Civic. Wireless communication systems are growing in popularity, too — with more and more new cars now offering hands-free integrated cell phones and some form of wireless communication technology such as Bluetooth. It’s a near-certainty that drivers will soon be able to access their e-mails and even surf the ‘Net while in their cars using technology built right into the vehicle.
These systems typically have an interface with a single control unit or display — all of it tied into the car’s general operating system — which also controls the engine and other components, such as the audio and climate control.
The average new car, according to IBM, already contains around 20 individual processors to monitor and control various functions — everything from the transmission’s shift points to the operation of the defroster — with about 60 megabytes of software code.
Given the inventiveness of traditional computer hackers, it’s not unreasonable to imagine they’ll eventually succeed at wreaking havoc with our increasingly high-tech cars.
Comments? Auto Hacking: Should You Be Concerned?
Further Reading: © 2009 NMA