Hacking Autos: Mischief Without Motive
The onboard computer systems in automobiles are vulnerable to hacks that could enable attackers to take control of the operation of a vehicle, but the risk to drivers today is very low -- perhaps negligible -- primarily because there's no obvious way to cash in. "Car hacking is a pretty damn inefficient way to attack someone," said Stefan Savage, a UCSD professor.
A couple of white hat security experts have shown how hackers could take control of an automobile's steering, braking and other operations through the vehicle's on-board computer.
Charlie Miller, a security engineer at Twitter, and Chris Valasek of security firm IOActive, demonstrated how they could control the brakes, steering, horn and more in a Toyota Prius.
Today's vehicles are more computerized than ever, with seemingly unrelated technologies such as CD players, Bluetooth hands-free phone systems and GPS units integrated. Systems such as OnStar and other roadside services already access vehicles remotely, suggesting that the type of gizmo utilized by Miller and Valasek might not even be required to hack its innards.
"When you get the OnStar links, the computer systems in the car and you add all this in, it is pretty simple to hack in," Justin Cupler, editor-in-chief of automotive review site TopSpeed.com, told TechNewsWorld. "There should be checks and balances to keep this from happening -- but clearly there is a way to hack around."
Today's cars are as much rolling computers as modes of transportation.
"There are as many as 100 microprocessors in a car," said Egil Juliussen, director and principal analyst at IHS Automotive.
"It hasn't been a problem before, as there wasn't an easy connection -- but as you get more communication links, you start having potential problems," he told TechNewsWorld. "With the telematics, Bluetooth and wireless connections, the system needs some security that you didn't need to do before. The automobile manufacturer is just starting to do this. We'll see more security going forward."
The white hat hack of the Toyota Prius, plus a similar demonstration with a Ford Escape, were not the first indications that vehicles could be subject to a hack attack.
The Center for Automotive Embedded Systems Security, which is a collaboration between researchers at the University of California San Diego and the University of Washington, have been looking closely at the many possible ways an automobile might be hacked remotely or its systems otherwise compromised.
"The risks today are probably pretty low, in that it takes significant technical sophistication to be able to compromise a vehicle remotely," said Tadayoshi Kohno, professor at the University of Washington's Department of Computer Science and Engineering.
"Following our experimental studies in 2010 and 2011, automobile manufactures and the U.S. government have been focusing significant efforts on improving the computer security of automobiles," he told TechNewsWorld.
In fact, since the publication of CAESS' studies in 2010 and 2011, the automotive industry has reportedly made great strides, but the researchers admit there is a long road ahead to fix everything.
"There are two classes of problems: the first being that an attacker who gains access to the CAN bus -- either via a compromised component, via a wireless vulnerability or via a third-party device like the Progressive dongle -- is able to have far-reaching effects on the car's functionality," said Stefan Savage, a professor in the Department of Computer Science and Engineering at the University of California San Diego.
That is essentially what Miller and Valasek were able to do with the Prius and the Ford, Savage added.
"The second issue is around the difficulty in planting such malicious software without having direct physical access to the vehicle," Savage told TechNewsWorld. "We demonstrated multiple such avenues in our 2011 paper. While we have worked with the manufacturers and/or vendors to fix or mitigate all the precise problems we identified in our work, it is extremely likely that other such avenues for attack still exist."
Motivations for Attack
At present hacking a car has little purpose, as it doesn't actually make the hacker any money. This could reduced the likelihood of such attacks.
"Excepting theft -- where the success of anti-theft measures like immobilizers has incentivized thieves to up their ante with technological counter-measures -- car hacking is a pretty damn inefficient way to attack someone," said Savage. "There is quite a bit of investment in time, money and expertise to get it to work reliably and much of this work must be repeated for each new vehicle model.
"There are typically much cheaper alternatives," he added. "Now these costs are going down, and the car hacking threat is one worth anticipating."
Addressing the Threat
The threat becomes more worrisome as wireless connectivity provides a way into the car and system technologies become more standardized.
"The telematics link provides a door into the car," added Juliussen. "In terms of software, we're moving from what was once proprietary and it took a lot of effort to hack into, to software programs using Microsoft or Linux systems, so the hacking becomes more feasible."
This has allowed people to remap the computer and even install chips to upgrade to aftermarket products.
"We've seen people install chips to reprogram the computer to juice up the power they get from the car," said Culper, "but now we're seeing hacking with these devices as well."
The solution might be protecting the car's computer much the way that people protect their PCs at home.
"Firewalls and antivirus might be the next step, and likely we'll see Norton and other companies getting into automotive firewalls," said Culpter.
However, none of that will become commonplace unless hackers discover some payoff in attacking a car.
"There will be those who want to hack to make a statement and show their skills, but real hackers want to earn money from this, and it could be a lot harder on autos than on PCs and smartphones," said Juliussen. "The economic gains are limited, so the average hacker wouldn't waste the effort."