Auto industry teams up with military to stop car hacking
Wed 26 Nov 2014
The U.S. military is working with car manufacturers to help prevent criminals stealing vehicles via hacking and – in more extreme cases – turning them into weapons.
A team of hackers is collaborating with military and industry groups to develop cyber security defences for commercially available cars, in response to a growing threat from criminals and terrorists.
In the UK, hackers are now responsible for a third of car thefts in London and there are fears that while technology is progressing, older models will remain vulnerable to attack.
Although there have been no reported instances of a car being completely commandeered outside of controlled conditions, during tests hackers come out on top every time – unlocking car boots, setting off windscreen wipers, locking brakes, and cutting the engine.
“You’re stepping into a rolling computer now,” said Chris Valasek, director of vehicle security research, IOActive, at the Los Angeles Auto Show earlier this month. Valasek revealed last year that he and a hacker had been able to infiltrate and control a 2010 Toyota Prius and a 2010 Ford Escape.
As vehicles become increasingly smarter, the connections provide further vulnerabilities which hackers are able to take advantage of.
“The danger comes in when this access can be attained remotely. This type of remote access requires an entry point other than the vehicles physical diagnostics port,” explained senior information security consultant at MWR InfoSecurity, Jacques Louw.
“As security has not been a prime objective for vehicle manufacturers in the past these systems have been tightly integrated, leading to a situation where the security of an in-car media player can affect the car’s brakes,” Louw added.
In a recent project managed by the U.S. Department of Defence, hackers were tasked with penetrating the system of a 2012 model car.
Kathleen Fisher, a computer scientist who led the test, reported that it had been possible to create an electronic key which could unlock the car’s network. Although it takes months to develop, Fisher explained, once it has been created it would be “pretty easy to package up the smarts and make it available online, perhaps in a black-market type situation.”