FutureWatch - Carhacking
As high-tech features like adaptive cruise control, automatic braking and automatic parallel parking systems make cars smarter, it's also making them more vulnerable to hackers – a risk that an automotive security researcher says carmakers appear to be ignoring.
"There's no culture of security," said Chris Valasek, director of vehicle security research at the computer security consulting firm IOActive, in a keynote speech at the SecTor IT security conference in Toronto this week....
In recent years, security researchers at the University of Washington showed they could hack a car and start it either via the systems used for emissions testing or remotely using things like Bluetooth wireless connectivity or cellular radio to start the car.
Others showed they could hack a car remotely via a cellular-based car alarm system to unlock the doors and start the engine.
Valasek himself and his research partner Charlie Miller, a security engineer at Twitter, have been starting to experiment with remote attacks after demonstrating that a laptop inside the car can be used to disable brakes and power steering and confuse GPS and speedometers.
In recent years, security researchers at the University of Washington showed they could hack a car and start it either via the systems used for emissions testing or remotely using things like Bluetooth wireless connectivity or cellular radio to start the car.
Others showed they could hack a car remotely via a cellular-based car alarm system to unlock the doors and start the engine.
Valasek himself and his research partner Charlie Miller, a security engineer at Twitter, have been starting to experiment with remote attacks after demonstrating that a laptop inside the car can be used to disable brakes and power steering and confuse GPS and speedometers.
Security experts at Kaspersky have noted that modern-day cars which are semi-autonomous can already be hacked, raising security concerns for future self-driven vehicles.
The threat is already here
“The car is built on the premise that the internal combustion engine is not accessible, which is not true. The threat to cars is already an issue,” said Alexandar Moiseev, Managing Director of Kaspersky Europe.
“You don’t need autonomous cars to be hacked,” was his damning statement.
Electronic over mechanical
Car manufacturers have increasingly adopted electronic control systems over mechanical in current-day modern cars and with this brings plenty of potential security risks.
“There have been a few security breaches in the car recently. The problem is that IT security was never involved into the design of the cars themselves,” noted Moiseev.
“It’s like living in a house with no roof and being worried about security. You can put bars on the windows, but that won’t help,” he added.
The risks
Two areas in a modern day car that are already open to hackers or attackers were highlighted by Moiseev, with them being:
- Automated parking assist
- In-car microphones with access to your conversations, infringing with driver privacy.
While these features are seemingly harmless on first glance, there are potent security risks with both features, taking into account the inherent vulnerabilities present.
“You have park assist, you press a button and it parks your car. It’s the ultimate proof of concept,” elaborated Moiseev.
“It is a piece of software that resides on the head unit, which is connected to different components. It can steer the wheel for you, it can use the breaks, it can use the throttle, it can lock the doors, and it can use the sensors. I don’t need anything else to drive the car, and this is a piece of software.”
“Is the head unit accessible? Yes, it is. This is accessible, people could change this software.”
Upon discussing the car’s integrated and in-built microphone system, he made an analogy, saying: “Imagine a mega VIP who visits rooms which are completely secured. He has tonnes of bodyguards, he is totally protected and everyone is interested in the data he knows, but then suddenly you can gain access to the microphone in his car.
“The real problem right now is that nobody can tell you for sure that those threats are not active.”
While this may sound dramatic, the reality is that such fears being realized are entirely within the realm of possibility.
Kaspersky is partnering with car manufacturers to assist and collaborate over cybersecurity issues with autonomous self-driven cars that are connected a soon-to-be reality in the coming years. For its part, Kaspersky isn’t pushing a car-centric security product for consumers just yet.
“Many of our competitors would say it’s stupid, because we could jump out with an immediate product right now to solve the problems, but for us, that’s not the goal – to be really short term,” Moiseev explained.
“If we release the product today, within an hour it will be obsolete, the speed of development of malware is so fast,” he concluded.
Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.
0 comments:
Post a Comment