Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Car Hacking: Researchers Highlight Emerging Risks and Lack of Security in Automobiles

As more and more digital technology is introduced into automobiles, the threat of malicious software and hardware manipulation increases. 

ISec Partners’ researchers got a lot of attention at Black Hat this year when they demonstrated how to start a car’s engine via text message. As it turns out, that was just the latest of several examples of how attackers can turn the electrical systems in your car into their own personal lock pick.

As more and more digital technology is introduced into automobiles, the threat of malicious software and hardware manipulation increases. 

ISec Partners’ researchers got a lot of attention at Black Hat this year when they demonstrated how to start a car’s engine via text message. As it turns out, that was just the latest of several examples of how attackers can turn the electrical systems in your car into their own personal lock pick.

Caution: Malware Ahead, Threats Facing Automotive SystemsIn a new report, McAfee – in partnership with Wind River and embedded security provider ESCRYPT – highlighted research into the risks facing the automotive industry as companies continue to add connectivity to embedded systems. The technology has made its way into today’s cars in a number of ways, including anti-lock braking systems and GPS navigation systems.

This trend extends way beyond cars to devices such as Internet-capable HD televisions. However, the security of such devices is sometimes ignored – not just by consumers, but by network administrators as well. In a recent email discussion with SecurityWeek about the Morto worm, Sean Sullivan, security advisor at F-Secure, noted that networked devices like TVs are often overlooked because IT security doesn’t consider them to be at risk since there is no data to lose. Once a device is infected by a worm however, it can eat up a network’s bandwidth.

“Indeed, back in 2002, the firm that I was working for had “guest laptops” in phone rooms,” he wrote. “They had network access, but were not members of the local domain. Because they weren’t on the domain, they were ignored by IT… until infected by a worm. At that point, the laptops consumed a bunch of bandwidth searching for more vulnerable machines… the network admins discovered the issue because the quality of the firm’s VOIP services noticeably declined.”

Tim Fulkerson, senior director of marketing for McAfee Embedded Security, contended consumers are starting to become more aware of the fact that connectivity has its risks. So far, McAfee has not seen specific tools available to hack into cars available in the cyber-underground, he noted.

“However, hackers can surf the internet and find techniques and tools to exploit Bluetooth and Cellular communications technologies used in cars,” explained Fulkerson. “So if a hacker wants to start targeting attacks to cars, it is not big a leap for a talented hacker to find ways to make this happen.”

In fact, the report highlights several examples, ranging from a rogue employee at a car dealership remotely disabling 100 vehicles to a team of researchers from Rutgers and the University of South Carolina mounting an attack that targeted vehicles’ use of RFID technology.

Hacking Cars

In another case, researchers at the University of California, San Diego, teamed with researchers from the University of Washington to show how the safety components of a vehicle could be hacked by an attacker with physical access to the electronic components inside the passenger cabin. The result of their efforts was software known as “CarShark” – which they developed using homemade software and a standard computer port.

Advertisement. Scroll to continue reading.

According to the report, it is time for consumers to begin asking questions about subjects such as the security of GPS data and what systems connect to the Internet or cellular network.

“The auto industry is experiencing a convergence of consumer and automotive electronics,” noted Georg Doll, senior director for automotive solutions at Wind River, in a statement. “Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities. The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”

The full report is available for download here.

Related Reading: Attacks on Mobile and Embedded Systems: Current Trends

Related Reading: Introduction to Security for Smart Object Networks Devices

Learn More About Embedded Security in the Smart Device Security Resource Center

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.