A new paper on the security of internet-equipped automobiles shows them to be, well, frighteningly insecure. Researchers were able to remotely cut the brakes, stop the engine, and lock out the driver on a typical, new-model networked vehicle.
Thinking back to the insecure early days of networked computing, a team of computer security specialists from the University of Washington and the University of California, San Diego thought it might be worth checking out how new automobiles—increasingly featuring computers and networked control systems—stood up to attempted hacking. Not very well, it seems!
The researchers successfully breached two test cars that were "representative of the computer network control systems that have proliferated in most cars today:
We demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.
I know some people get off on road rage and all that, but I generally like my driving to be as NOT-adversarial as possible. Worse yet, the team was successful in deploying "composite attacks," in which they were able to "insert malicious software and then erase any evidence of tampering after a crash," so your insurance company won't even believe you when you're blaming your damage on the hackers.
The marriage of cars and computers seems natural, or, at least, inevitable, but the security of these computers is literally a matter of life and death. As one team member said, "We found ourselves thinking we should try to get in front of this before it suddenly becomes an issue." Yeah that's probably a good idea. [NYTimes]
Image credit MNicoleM