Thursday, September 22, 2011

Caution: Automobile Vulnerabilities are Closer Than They Appear

Remember when automobiles provided basic transportation and little else? Well, those days faded from sight in your rear-view mirror years ago.

Today’s cars can be started by your mobile phone and disabled from the Internet. Soon, some will even drive themselves. Many new models feature state-of-the-art infotainment systems, social networking capabilities and in-vehicle Wi-Fi hotspots. Built-in navigation systems and voice-activated controls are standard equipment these days—not just in high-end cars, mind you, but in entry-level Fords as well.

Mercedes, BMW and Lexus promote mind-blowing safety features such as blind-spot monitoring and dynamic stability control. There’s even a technology that measures a driver’s alertness and responsiveness and one that detects the presence of obstructions in the road ahead. However, as auto manufacturers continue to rush these new features to market, security cannot continue to be an afterthought

Gone in sixty seconds
A person’s personal information is far more valuable than the vehicle they drive. And, given the amount of personal information showing up in cars, autohacking is poised to explode. Will the next chapter of “Gone In Sixty Seconds” or “Grand Theft Auto” involve drive-by hacking?

Guaging Your Preferences
Wherever personal information is available, there’s money to be made. Onboard systems that provide access to email, voicemail, social networking and location-based media offer a treasure trove of valuable personal information. New vehicles now contain RFID tags in the rims that transmit tire-pressure information to the car’s control systems. Researchers have proven that cyberthugs can use these and other wireless transmissions to hack into the car’s digital systems to compromise passenger privacy.

Targeting embedded devices in automobiles is already happening. A provider of aftermarket GPS systems was recording driver behavior and selling it to Dutch police, who used data to target speeding vehicles. Perhaps the police should focus on their own security. One security expert was able to easily hack into onboard police cruiser systems, access dashcam video storage and copy and delete these files.

And what about the personal safety of drivers? Cellular signals from mobile phones and navigation systems now pinpoint a person’s location. Imagine the cyberstalking vulnerabilities that could be exploited by understanding a person’s behavior pattern, tracking their location and being able to remotely disable their vehicle. It’s scary, creepy—and yes—very possible.

Avoiding Digital Roadkill
Here’s the good news: There’s no need to become digital roadkill. There are proven technologies that make it easy to secure these systems. I believe that in the near future, security will be a key differentiator in the new breed of intelligent automobiles.

It’s fascinating stuff. If you’d like to learn more on this topic, I encourage you to download a recent report produced by McAfee and Wind River. It’s titled “Caution: Malware Ahead, An Analysis of Emerging Risks in Automotive System Security”.



By: Tim Fulkerson