A new report highlights several security deficiencies in modern automototive electronics systems.
The report was released by McAfee in partnership with embedded security firm Escrypt and mobile/embedded software company Wind River.
According to the report, potential risks range from tracking a vehicle's location using RFID tags embedded in tires to remotely disabling critical systems via Bluetooth. It cites research being done at the University of California, San Diego, which shows critical safety components can be hacked remotely using a program they call CarShark.
Researchers suggest just how far this sort of attack could go:
The other area of concern for researchers is the growing number of embedded systems capable of storing and accessing personal information, and potentially even devices like smartphones you may be using to communicate with them.
At least one of the researchers involved believes it will be a few years before these issues are addressed.
Stefan Goss spent nearly a decade working for Volkswagon, first as head of instrumentation development and later as head of diagnostics development, before becoming a professor of automotive technology at Ostfalia University of Applied Sciences this year.
He predicts:
You have to wonder whether it will take one or more highly publicized incidents involving these sorts of vulneratilities before that happens.
According to the report, potential risks range from tracking a vehicle's location using RFID tags embedded in tires to remotely disabling critical systems via Bluetooth. It cites research being done at the University of California, San Diego, which shows critical safety components can be hacked remotely using a program they call CarShark.
Researchers suggest just how far this sort of attack could go:
Going one step further is to combine the CarShark attack and weaknesses of Bluetooth implementation in cars. Once the attacker guesses the Bluetooth PIN, the attacker could mount the CarShark attack. Other wireless devices like web-based vehicle-immobilization systems that can remotely disable a car could be manipulated in these situations as well. The immobilization system is meant to be a theft deterrent but could be used maliciously to disable cars belonging to unsuspecting owners.
The other area of concern for researchers is the growing number of embedded systems capable of storing and accessing personal information, and potentially even devices like smartphones you may be using to communicate with them.
At least one of the researchers involved believes it will be a few years before these issues are addressed.
Stefan Goss spent nearly a decade working for Volkswagon, first as head of instrumentation development and later as head of diagnostics development, before becoming a professor of automotive technology at Ostfalia University of Applied Sciences this year.
He predicts:
Vehicles of all price segments are equipped with several electronic units, which in the near future, will boast dramatically increased computing performance and interfaces. Each interface serves as a motivator and means for an attacker to access the vehicle. We can expect new challenges to protecting the changing interface of embedded systems in cars. Vehicle makers have to solve the conflict of implementing security mechanism without losing customers acceptance. I expect a new chapter of car security in the next two car generations.
You have to wonder whether it will take one or more highly publicized incidents involving these sorts of vulneratilities before that happens.
