Rich Fiscus
8 Sep 2011 11:54
A new report highlights several security deficiencies in modern automototive electronics systems.
The report was released by McAfee in partnership with embedded security firm Escrypt and mobile/embedded software company Wind River.
According to the report, potential risks range from tracking a vehicle's location using RFID tags embedded in tires to remotely disabling critical systems via Bluetooth. It cites research being done at the University of California, San Diego, which shows critical safety components can be hacked remotely using a program they call CarShark.
Researchers suggest just how far this sort of attack could go:
Going one step further is to combine the CarShark attack and weaknesses of Bluetooth implementation in cars. Once the attacker guesses the Bluetooth PIN, the attacker could mount the CarShark attack. Other wireless devices like web-based vehicle-immobilization systems that can remotely disable a car could be manipulated in these situations as well. The immobilization system is meant to be a theft deterrent but could be used maliciously to disable cars belonging to unsuspecting owners.
Vehicles of all price segments are equipped with several electronic units, which in the near future, will boast dramatically increased computing performance and interfaces. Each interface serves as a motivator and means for an attacker to access the vehicle. We can expect new challenges to protecting the changing interface of embedded systems in cars. Vehicle makers have to solve the conflict of implementing security mechanism without losing customers acceptance. I expect a new chapter of car security in the next two car generations.