By the time you see this headline, the
first question that pops into your mind is: Could a Car get a Computer Virus? Well
the answer to that question is a capital YES!
In the past, car viruses were rare
because one of the only ways to infect a vehicle was by a mechanic and via the
computer or software he used to diagnose problems with the car.
More than 100 Texas drivers could have been
excused for thinking that they had really horrendous luck or -- at least for
the more superstitious among them -- that their vehicles were possessed by an
evil spirit. That's because in 2010, more than 100 customers of a dealership
called Texas Auto Center found their efforts to start their cars fruitless, and
even worse, their car
alarms blared ceaselessly, stopped only when the batteries were removed
from the vehicles [source: Shaer].
What seemed to some to be a rash of coincidence
and mechanical
failure turned out to be the work of a disgruntled employee-turned-hacker. Omar
Ramos-Lopez, who had been laid off by the Texas Auto Center, decided to exact
some revenge on his former Austin, Texas employer by hacking into the company's
Web-based vehicle immobilization system, typically used to disable the cars of
folks who had stopped making mandatory payments [source: Shaer].
Besides creating plenty of mayhem and generating a flood of angry customer
complaints, Ramos-Lopez, who was eventually arrested, highlighted some of the
vulnerabilities of our increasingly computer-dependent vehicles from a skilled
and motivated hacker.
Although Ramos-Lopez's attack generated a lot of
attention, his hacking was fairly tame compared to the possibilities exposed by
analysts at a number of different universities. Indeed, in 2010, researchers
from the University of Washington and the University of California at San Diego
proved that they could hack into the computer systems that control vehicles and
remotely have power over everything from the brakes to the heat to the radio
[source: Clayton].
Researchers from Rutgers University and the University of South Carolina also
demonstrated the possibility of hijacking the wireless signals sent out by a
car's tire pressure
monitoring system, enabling hackers to monitor the movements of a vehicle.
Taken together, these events show that cars are
increasingly vulnerable to the sort of viruses (also known as malware)
introduced by hackers that routinely bedevil, frustrate and harm PC users
everywhere. Obviously, this has real implications for drivers, although the
researchers themselves point out that hackers have not yet victimized many
people. But the ramifications are clear.
"If your car is infected, then anything that
the infected computer is responsible for is infected. So, if the computer
controls the windows and locks, then the virus or malicious code can control
the windows and locks," says Damon Petraglia, who is director of forensic
and information security services at Chartstone Consulting and has trained law
enforcement officers in computer
forensics. "Same goes for steering and braking."
As high-technology continues to creep into horseless carriages everywhere, there's one thing we can all count on: abuse of that technology. According to Reuters, Intel's "top hackers" are on the case though, poring over the software which powers the fanciest of automobile technology in hopes of discovering (and dashing) various bugs and exploits.
Except
under the most specific of scenarios, the damaging results from an attack
against an unsuspecting user's personal computer are often limited. Hackers may
be able to cripple a computer, invade a user's privacy or even steal someone's
identity. Causing personal injury or death though, is typically out of the
question. However, with an increasing amount of technology and software proliferating modern
vehicles, this could all change.
"You
can definitely kill people," asserts John Bumgarner, CTO of a
non-profit which calls itself the U.S. Cyber Consequences Unit.
As
outlined in the following publication, Experimental
Security Analysis of a Modern Automobile (pdf), researchers have
already shown that a clever virus is capable of releasing or engaging brakes on
a whim, even at high speeds. Such harrowing maneuvers could potentially
extinguish the lives of both its occupants and others involved in the resulting
accident. On certain vehicles, researchers were also able to lock and unlock
doors, start and disable the engine and toggle the headlights off and on.
Ford
spokesman Alan Hall assures us, "Ford is taking the threat very
seriously and investing in security solutions that are built into the product
from the outset". Ford has been an industry leader in adopting
advanced automotive technologies.
Thus
far, there have been no reported incidents of injury or death caused by
automobile hacking. That's according to SAE International, a major standards
committee for automotive and aerospace industries.
When
asked by Reuters whether or not there had been any such reports, most
manufacturers declined to comment. However, McAfee executive Bruce Snell
claims that automakers are still very concerned about it. Snell
admits, "I don't think people need to panic now. But the future is
really scary." McAfee, which is now
owned by Intel, is the division of Intel investigating automobile cyber
security.
We
can only hope and pray that solution arrives early enough before this viruses
are being released en-masse which could endanger the lives of innocent car
owners.
4 comments → Car viruses? Do you even believe they exist?
Was talking to a mechanic about this just last year. Had to get a new transmission put in the family car because a sensor went bad & the computer arbitrarily decided to throw the transmission into reverse while I was driving down the expressway. With the amount of computer controlled systems in new & upcoming autos (esp. with German cars), it's only a matter of time before bugs & malicious code start wreaking their havoc on commuters.
What a thought provoking article!!
I have long seen mechanics using diagnostic tools that plug into a recepticle of the electronics of autos - mine and others' of course. But in chatting with one of my mechanics I learned that they connect these diagnostic appliances to their PCs with USB cables to download updates!!
Therein lies a HUGE exposure. Think about it; if they are downloading diagnostic updates from a site that has been compromised, they may well be getting the updates with malicious code!! YIKES!
The exposure exists just like any time we connect private networks or systems to public networks, but the real risk is in the hackers' ability to craft their code to the hardware and OS of the automobile's systems. Not knowing anything about OS's or file structures of each model auto, I can't offer a real risk analysis, but obviously there aren't going to be more than a few combinations across all auto types, so the potential for damage is there with out doubt!
Well, yet another Anti Virus opportunity for the AV software vendors and one more thing to make our cars/trucks start more slowly
:-D
Every device which uses internet, GPRS or G3 service may cause virus to your device. So save your device from viruses trough anti virus.
Or, for the paranoid (read just careful) drive an old car pre-injection, manual or old-school (Non-computer-controlled) auto
Anything pre 1970s should fit the bill. Plus you can do most mechanical repair work yourself. Older cars ofter have great classic car club and industry support.
Post a Comment