Car hacking: who’s monitoring (or controlling) your car?

September 19, 2014

The EFF says Ford shares emails sent via its Ford SYNC car-communication system with business partners (credit: Ford)

As vehicles become computers on wheels, the risk of car hacking is real, according to Australia-based Queensland University of Technology (QUT) road-safety expert Professor Andry Rakotonirainy from QUT’s Centre for Accident Research & Road Safety – Queensland (CARRS).

He has researched the security systems of existing fleet and future autonomous and connected cars and found there is little protection against hacking.

“The security protection on cars is virtually non-existent; it is at a level of protection that a desktop computer system had in the 1980s,” he said. “The basic security requirements such as authentication, confidentiality and integrity are not strong.

Accessing the “brains” of a car

“What this means is that as vehicles become more and more connected and autonomous, with the ability to communicate to other vehicles and infrastructure through wireless networks, the threat of cyber attack increases putting people’s safety and security at risk.”

The development of intelligent transport systems means future cars will be connected to wireless networks as standard. He said technology called CAN bus (controller area network), accessible under the steering wheel, provides access to the “brain” of a car and will allow anyone to check the health of a vehicle and control it.

“CAN bus allows all microcontrollers within a car to communicate to each other and is accessible via a mere plug,” he said. “It can be used to control almost everything such as the airbags, brakes, cruise control and power steering systems” and can be accessed locally or remotely with simple devices.

However, “applications of the future will depend on high data rates that cannot possibly be supported by today’s CAN” and other systems, according to an EE Times blog. “Parking cameras, HD digital infotainment, ADAS sensors like Radar and eventually the ‘eyes and ears’ for self-driving systems of the future will all be built on a high bandwidth Ethernet backbone…. [driven by the need to] minimize the additional cabling in the car. …  For example, BMW’s camera based driver assistance system is supported by Ethernet.”

Connected cars

vehicle2vehicle

A planned vehicle-to-vehicle (V2V) communications system could help drivers avoid accidents (credit: U.S. Department of Transportation)

“This is just the tip of the iceberg, as future cars will feature a tremendous mix of wireless networks and offer numerous opportunities to improve safety, entertainment and comfort,” Rakotonirainy continued.

“For example, cars will be wirelessly connected to other cars,” he said. “If a vehicle stops ahead, a warning can be issued to drivers behind to slow down, or vehicles can automatically take control and slowdown without the driver’s intervention. (KurzweilAI has covered this coming “vehicle-to-vehicle, V2V, technology in several articles.)

“It will also be possible for vehicles to connect with infrastructure. For example, if a light turned red, but an approaching vehicle failed to slow, perhaps because the driver was distracted, a warning could be issued or action taken to automatically control the vehicle.”

Rakotonirainy said that while these features had the potential to improve road safety, if someone hacks into a vehicle’s electronics via a wireless network and exploits the current security loophole, they can track or take control of it.

He said it was vital for car makers, government and road safety experts to turn their attention to this global security threat. “We need to be analyzing the types of risk that that these intelligent vehicles are facing and work to provide a secure, reliable and trusted protection system.

“A vehicle’s communication security over wireless networks cannot be an afterthought and needs to be comprehensively considered at the early stages of design and deployment of these high-tech systems from the hardware, software, user and policy point of view.”

Nightmare scenarios

“Modern vehicles can have as many as 200 CPUs and multiple communications networks between internal computer systems,” according to Ken Schneider, vice president of technology strategy at software security company Symantec, as Computerworld notes. “While most systems are isolated within the car, others are used to transmit data back to manufacturers, dealers or even the government. …

For example, “Ford says it’s collecting location data and call data if you use [Ford] SYNC to dictate emails. Ford then shares that data with business partners … according to the Electronic Frontier Foundation.”

Schnenider said nightmare scenarios could include traffic violations being issued without law enforcement officers on the scene or federal agencies having the ability to track your every move in a car.

“Perhaps even worse, if it were possible to hack into on-board systems, malicious software could be downloaded to a car’s computers, with potentially deadly outcomes. Among other things, a piece of malware could, for example, “tell the braking control system to suddenly activate,” Schneider said.