Car computer systems hacked remotely - Be Afraid, Very Afraid
Your car is highly vulnerable to Malware via cellphones, Wi-Fi, infected MP3 and other means. Be very afraid! - Hackers can hijack the car's computer systems to disable the brakes, change the cruise control, turn the engine on and off, and control most of the electrical systems such as the lights, climate control, odometer, locks and your radio.
Researchers have found various vulnerable sites and ways hackers can gain access. Most modern cars have what is called an 'On-Board Diagnostics (OBD-II)' port. This is an access point that repairers hook-up to get data on the vehicle's performance and to modify various things such as the timing of the engine, and most of the car's electrical systems and functions. This is a primary access point for hackers as virtually everything can be changed using this port designed to provide direct access to the car's computer.
Direct access to internal systems is a simple matter of connecting a laptop to the on-board diagnostics port, which is now mandatory for all cars in the United States. This port "provides direct and standard access to internal automotive networks."Attached to these networks are all sorts of sensors, diagnostics and wireless systems - many of which can be directly upgraded by a user or a hacker. This is heaven for a hacker wanting to attack or control automotive subsystems. New software could be installed to enable remote control access via cellpones, Wi-Fi and any of the system in the car that are controlled by remote control buttons.
Another major entry point is the car's cellphone hardware which provides a connection to the car's computer system. Malware could be installed that would enable a thief to unlock the car remotely and to take over various other systems. Researchers were able to hijack the car using a Trojan app on a phone that had the Android operating system installed. Any cellphone software can be hacked and the cellphone port provides a vulnerable entry point. Remote access was gained by the researcher using the car's Bluetooth system. This can be accessed remotely via a laptop or Cellphone.
Hackers can even hijack your car's computer system via the stereo system in various ways. There are so many remote control devices in the car that are vulnerable. The stereo systems is often intertwined with other electronic systems in the car such as the GPS and climate control. The researchers demonstrated that malware embedded in an MP3 file on a thumb drive could install itself into the car's computer system and provide access to remote hijacking.
Many of the modern car's automatic systems such as cruise control could theoretically be hacked and interfered with. Similarly a hacker could gain access to a car's a self-parking system and could potentially allow the car to be driven away by the hacker in a similar way to a remotely controlled toy car. Be Very Afraid!
Imagine the mayhem if your car was hacked. A hacker could sit in a nearby cafe with his Wi-Fi connected laptop or cellphone and connect to your car's computer as your crawled past in traffic. The hacker could force you car to accelerate suddenly or to brake without warning causing a crash. This sounds like the plot of a B-Grade horror movie. Be Very Afraid!
Imagine if someone could hack the Google's self-driving car. Be Very Afraid!
Google has been working on the system for some time and Google has admitted that it has been testing the system using a fleet of prototypes. The cars have logging more than 140,000 miles on public roads. These vehicles were manned, but only as a backup. Google said that the software could negotiate the routes on public roads with minimal human intervention. The vehicles were reported to have crossed the Golden Gate bridge, driven along the Pacific Coast Highway, and even driven right around Lake Tahoe.
Various computer-assisted accident prevention devices have been installed in luxury cars for several years. Google’s software includes very sophisticated methods for avoiding collisions which are major advances on the computer-aided accident prevention systems on modern luxury cars. These systems can automatically apply the brakes when your car gets too close to the car in front.
But imagine if someone took over these systems. How vulnerable are these systems to hacking and what security systems are in place to prevent this? This is no information on this.
My teenage son is doing a robotics unit at High School. His project is to add a GPS system to a remote controlled plane and to develop a way of flying the plane to a predetermined location and to drop a candy bar on a target. Be Very Afraid!
There is growing concern that the software controlling Cruise Missilesand the Drones used very successfully in Afghanistan, and in other conflicts could be hacked remotely in flight, or that terrorists could steal these devices. Be Very Afraid!
As Discover Magazine reports, modern vehicle computer systems such as Electronic Stability Control, Automatic Parking Systems, Emergency Braking Systems and Active Cruise Control are connected directly to accelerators, brakes and steering controls in the car and are potentially controllable by remote devices. Car computer systems are becoming more sophisticated and the parts of the car that can be controlled is expanding all the time. As with other computer systems, developers forget that their systems can be hacked remotely. The more complex and integrated systems are the most vulnerable because of the number of entry points and hijacking targets that are available. A single enry point can give access to everything because the system is highly integrated.
Modern car computers are very complex indeed. The S-class Mercedes-Benz is reported to require over 20 million lines of code for its systems. This is almost as complex as the system for the new Airbus A380. Where there is a software system, there is a hacker waiting to gain entry to it. The more complex the system the easier it is to hide the malware in it.
Which Systems are Vulnerable and Can be Changed Remotely?
- Engine speed
- Brakes
- Door locks
- GPS navigation systems
- Luggage Compartment, Trunk and Hatch
- Engine Cover
- Car Horn and warning systems
- Radio and music systems
- Fuel Gauge
- Speedometer Readings
- Panel illumination
- Engine performance and shut down
- Windscreen wipers and washers
- Headlights and Interior lights
- Ignition locks
- Car security systems and steering locks
- Electronic Brake Control Module
- Automatic Parking Systems
- Emergency Braking Systems
Be Afraid, Be Very Afraid!
Conclusion:
- Car computer systems are highly vulnerable to hijacking by hackers and there is an urgent need to install industrial level firewalls and other control devices which are virtually non existent at the moment.
- There is a need to focus on all the vulnerable entry points and insert firewalls to inhibit access to the entire integrated system from a trivial entry point such as the radio and music system!
- Car manufacturers need to urgently update the security of automotive computer systems.
