Security Experts: Car Hacking Is Real and We Need To Prepare

Illustration for article titled Security Experts: Car Hacking Is Real and We Need To Prepare

Getting hacked, whether on a desktop or smartphone, pretty much sucks. In a way, your entire digital life is an open book and even the control of your devices can be wrenched away from you. But imagine it's not a smartphone getting ripped from your hands but rather your car's steering wheel.

Advertisement

These are the 21st century security risks automakers must face in a time when a car's computer chip is as important as its engine. Hacking a car isn't science fiction. It's a thing that's happening, and one security advocacy group wants to address the problem to avoid future disaster.

At this weekend's Def Con 22 hacking convention in Las Vegas, a collection of security experts, going by I Am the Calvary, presented an open letter to the automotive industry and detailed a five-star safety plan to help make cars more hack proof. "The goal of our outreach effort here is to catalyze greater teamwork between security researchers and the automotive industry," the group says in the letter. "Our combined expertise is required to ensure that the safety issues introduced by computer technologies are treated with the same diligence as other classes of automotive safety issues."

Advertisement

The plan's five main points center around rigorous testing and transparent design, third-party collaboration, a consistent method to capture malfunction evidence (whether deliberate of otherwise), frequent security updates, and segmenting vital systems, like braking, from the infotainment system. That way hackers can't smash airbags into your face just because they have control of what's on the radio. The team has also assembled a petition to help raise awareness and get the public involved.

Cars are just one new frontier among many others, including the Internet of Things, to be new targets for hackers and malware. As was true with PC and mobile hacking, when a technology is widely adopted and profit is possible, people will find away to exploit it. But with our lives depending on virus-free autos, safety can't be retroactive. [CNET]

Share This Story

Get our newsletter

DISCUSSION

2noob2banoob
Zeust the Mepsuan

Of course, just make sure that there is absolutely NO connection - whether direct or via other in-car computers - between the steering/accelerating/braking computer and the internet. A downside of this is that updates can't be applied without physical access, but this is the only way to achieve an acceptable level of security.

I know that properly secured connections can go a long way, but there is no way to make those 100% hack-proof. And once someone decides to make an exploit and publish it, anyone looking to crash your car can just download the exploit and use it... So no, secured connections aren't secure enough in my opinion.

Of course, someone with physical access to your car can mess with it no matter what. It has always been that way, even when cars were purely mechanical. But let's at least keep it so that this kind of messing requires physical access.