Report Says Cars Face Growing Threat of Hack Attacks

Texting and driving are a bad combination, but according to a new report it could get a lot worse.

An analysis by computer security giant McAfee titled “Caution: Malware Ahead” suggests that the large amount of electronics being used in cars today is making them increasingly vulnerable to hack attacks, even by something as simple as text message.

Embedded systems, including those for engine management, active cruise control and airbags, now live side by side with telematics that connect vehicles to wireless communication devices and the “cloud” through services like Ford’s Sync and General Motors’ OnStar, which has the ability to shut down cars and unlock doors remotely. Get in one virtual door and the others may be even easier to open.

Many automakers also offer programs and apps that give owners the ability to start their car via their smartphones, remotely set charging times for plug-ins like the Chevy Volt and track the location of vehicles, creating further avenues into their computer systems. Conversely, once they have accessed the brains of a car, intruders could theoretically use them to retrieve personal information from connected devices. It’s the 21st century version of a car thief rifling through a purse found in a glove compartment.

While the report notes that there have been no known malicious attacks on cars fitted with factory equipment, it does sight one incident where a disgruntled former employee of a car dealership disabled 100 cars by manipulating an aftermarket security system that had been installed on them.

Additionally, McAfee cites an experiment done by researchers at the Center for Automotive Embedded Systems Security where they were able to access safety components in a vehicle via a wired connection and again using Bluetooth.

For its part, the automotive industry is aware of the risks and constantly working on defenses against what is viewed as an evolving threat. Through the Society of Automotive Engineers, the industry has set up a Vehicle Electrical System Security Committee to develop broad strategies to prevent breaches and mitigate undesirable effects of successful ones.

General Motors spokesman Dan Flores tells that GM considers “vehicle security a top priority and we are focused on equipping our vehicles with both the features and security protections our customers want and need.”

According to Chrysler engineering communications manager Vince Muniga, his company’s programmers regularly update the software needed to keep hackers out of their cars and bombard the vehicles with every type of electronic signal imaginable, not only to search for interference that can cause glitches in the systems, but to discover back doors that hackers could use to get into their electronic architecture. Nevertheless, Muniga concedes that “if someone spends eight months trying to unlock the doors, they probably can, but we try to make the firewalls as bulletproof as possible.”

To ensure that Sync isn’t used as a gateway to more critical systems, Ford technology spokesman Alan Hall says that it and the infotainment systems it works with are completely isolated from the vehicle control systems. Any devices that connect to it through Bluetooth or USB also have to use digital signatures approved by Ford, and Hall adds that the automaker does its best to keep up with new practices in the hacking world and regularly runs simulated attacks using the latest methods.

Just like their counterparts working on the Web, the key to cybersecurity for automakers appears to be trying to stay one step ahead of would be hackers and making things as difficult as possible for them by remaining a moving target, something they have more than a little experience with outside of the cyberworld.

Click here for more from Autos