Cars 2.0 : Hacking by hi-fi & Playing catch-up

4/4/2012 5:48:09 PM
Cars 2.0

Are connected vehicles vulnerable to cyberattack? Let’s explain.

Researchers at the University of California and the University of Washington have created the world’s first zombie car, using wireless cyberattacks to seize complete control of a modern saloon. The attacks compromised every embedded electronic system in the vehicle, from the lights and CD player to in-car communications, GPS, locks, alarms and brakes.

The researchers were able to unlock the car, disable alarms anti start the engine, track journeys by GPS, and even record conversations inside the car. Now the automotive industry is scrambling to reassure drivers that their cars are unlikely to be hijacked while in the fast lane of the motorway.

Yoshi Kohno is part of a University of Washington team that first attacked automotive security systems last year, with malware called CarShark that required a physical connection to a car’s diagnostic port. “A mechanic or valet might be able to do that, but it’s a bit farfetched,” he says. “So we wondered if we could gain access to a car’s internal computer network without ever having to physically touch it.”

It turns out that they could and in several ways. One method required hacking a wireless diagnostic tool used by garages but others could be carried out by anyone with a laptop or even a mobile phone.

Hacking outside the box

Now that digital technology pervades our everyday lives, laptops and websites are far from the only potential targets for cybercriminals. Embedded systems are a security scandal waiting to happen, and they can be found almost everywhere.

Power crazed
Researchers at this summer’s Defcon security conference in Las Vegas unveiled a device that could compromise security systems and baby monitors using powerline technology (sending information over domestic electricity circuits). By plugging their device into an outside socket, the researchers were able to monitor cameras and disrupt alarm systems.

Lethal injection
Many modern medical devices use short range wireless communications for control and feedback. One researcher has demonstrated that he can force a personal insulin pump to inject dangerous quantities of the drug or shut itself off altogether. Another has shown that he could turn off pacemakers remotely.

Keep your trousers buttoned at this year’s Christmas party. Cloud security firm Zscaler recently posted dozens of images that it had downloaded from web-enabled scanners in businesses and private homes. Unsecured web servers built into high-end models were the culprits.

Hacking by hi-fi

Loading malware on a CD and playing it in the car’s media centre was one trick. Others involved attacks via Bluetooth and dialling up the car’s built-in telematics system. Using this technique, Kohno’s team was able to control a car remotely by playing an audio file ‘song’ down a standard phone line. Once they had accessed even one corner of the car’s network, the researchers were able t enslave the entire vehicle, says Kohno: “It turns out that it’s very hard to segregate components within a car. For example, think about a modern luxury car that turns up the radio as you accelerate. That means there’s communication going on to tell the radio the car is going faster or slower.” Electronic systems in cars have always had weaknesses but, as with PCs, it took the arrival of digital connectivity to amplify the dangers. Cars are getting enhanced calling systems, web connectivity and app stores hut manufacturers haven’t paid much attention to security issues,” says Kohno.

Stephen Checkoway of the University of California agrees: “Modern cars have tens to hundreds of computers running millions of lines of code rife with old vulnerabilities. One problem is the business model of the auto makers. Manufacturers outsource components, then take a bunch of widgets and stick them together. They don’t have the source code so they can’t do security audits or check for vulnerabilities. Almost without exception, every bug we found lay at the intersection of two components.”

Playing catch-up

Raj Samani, Chief Technology Officer for security firm McAfee in Europe, sees it from another angle. “The pace of change with cars and embedded systems is dramatically fast,” he says. “99 times out of 100, we’re trying to play catch up with new risks that are coming. We’re going at a million miles an hour.”

That is not the best speed at which to make major changes. Updating embedded systems software should be feasible but you don’t want your car to do a software update while you’re driving at 60mph,” says Kohno.

It’s better to include security features from the ground up, says Samani: “The cost of recalling a car is significant. It’s much more cost effective to build in security by design.” Some manufacturers are leading the way. Vehicles using Ford’s Microsoft-developed Sync system have a hardware firewall to regulate information flow between the entertainment and control computers, and prevent the car’s media player from downloading or running any new code.

Building cyber-secure cars for tomorrow is clearly sensible, but it doesn’t help us today. “Many of today’s automotive systems were not designed with security in mind, admits Kohno, before explaining that even his team of experienced computer security academics took several ears to uncover all the vulnerabilities of their test car. I don’t think people need to immediately cringe and worry about these threats in the near future,” he says. “What scares me most is industry, government and third parties not proactively trying to secure future automobiles that will be even more communicative.”

Description: Malware can be loaded onto a car’s computers via the hi-fi system

Malware can be loaded onto a car’s computers via the hi-fi system

Cat Hackforth: Speed of security

“As Stephen Checkoway points out, the weakest points in an IT system are typically the intersections between pieces of technology, and the more connected hardware becomes, the more links there are and the more potential vulnerabilities.

That said, I think we should be heartened by his team’s ability to enslave a car-by seeking out a worst-case scenario, they hay enabled security developers to stay ahead of would-be hackers.

Early computer networks were particularly vulnerable to exploitation because it was unexpected- Robert Tappan Morris, the creator of the first computer worm, claimed even he didn’t realise what he had released on the world. Teams like Checkoway’s are testing modern cars to the limit before disaster strikes and, importantly, security companies are taking notice.

It’s also worth remembering that features like keyless entry are designed to solve a much more likely form of car crime- thieves hooking a piece of wire through a letterbox and fishing for keys near the front door. Your average car thief looks for an easy opportunity, and placing a data CD in the stereo isn’t it. If they have access to the stereo, they’re already behind the wheel.

Improvements in security technology have seen UK car thefts drop from 600,000 a year in 1990 to 107,000 in 2010, and I’m willing to bet that trend will continue for many years.

  •  Automated cities : App development & Urban OS in the UK
  •  Searching for Google’s future (Part4) - Smarter search
  •  Searching for Google’s future (Part 3) - Gene genie
  •  Searching for Google’s future (Part 2) - Playing a long game & Mobile money
  •  Searching for Google’s future (Part 1) - Taking the tablets
  •  Small Business Development Centers - Assistance For Entrepreneurs
  •  How to set up your own virtual private network (Part 2)
  •  How to set up your own virtual private network (Part 1)
  •  LCD NEC EX201W
  •  Collaborating via Web-Based Communication Tools : Evaluating Web Conferencing Tools
  •  Visual Studio 2010 : Writing Custom Facebook Applications - Querying Data from Facebook
  •  Writing Custom Facebook Applications - Creating Your Application with Visual Studio 2010
  •  Xen Virtualization : Installing Xen from Source
  •  Xen Virtualization : Installing Xen from Binary Packages
  •  Introducing IBM BPM and ESB : IBM SOA Reference Architecture & Introducing IBM WebSphere Process Server
  •  Introducing IBM BPM and ESB : Achieving success through BPM enabled by SOA
  •  Separating BPM and SOA Processes : Example-Process for Handling Credit Card Disputes
  •  Separating BPM and SOA Processes : The Model Stack & Design Tips on Separating BPM and SOA
  •  BizTalk 2006 : Editing and Resubmitting Suspended Messages (part 2) - Pseudo-Walkthrough to Perform Edits and Resubmits
    Top 10
    Windows Vista : Installing and Running Applications - Launching Applications
    Windows Vista : Installing and Running Applications - Applications and the Registry, Understanding Application Compatibility
    Windows Vista : Installing and Running Applications - Practicing Safe Setups
    Windows Server 2003 : Domain Name System - Command-Line Utilities
    Microsoft .NET : Design Principles and Patterns - From Principles to Patterns (part 2)
    Microsoft .NET : Design Principles and Patterns - From Principles to Patterns (part 1)
    Brother MFC-J4510DW - An Innovative All-In-One A3 Printer
    Computer Planet I7 Extreme Gaming PC
    All We Need To Know About Green Computing (Part 4)
    All We Need To Know About Green Computing (Part 3)
    Most View
    All You Need To Know About iOS 6 (Part 3)
    Upgrade Power - Guidelines For PSU Buyers (Part 4) - Cooler Master Silent Pro Gold 800W, Corsair Enthusiast Series Modular TX850M
    Just My Type (part 2) - ZAGGfolio,Writer Plus, keyPAD, Professional Workstation
    VLC Player : What Tricks This Great Little Player Can Do
    How To Buy…A NOTEBOOK PC (Part 2)
    Design and Deploy High Availability for Exchange 2007 : Design Edge Transport and Unified Messaging High Availability
    ROG G55VW Gaming Laptop
    The Best iPad Cases
    Troubleshooting Reference : Tablets & Smartphones
    Externalizing BLOB Storage in SharePoint 2010 (part 1)
    Dell Inspiron 14R 5420 Review (Part 1)
    Top 10 Smartphones August – September (Part 1) - Samsung Galaxy S III, HTC One X, Apple iPhone 4S,Nokia Lumia 800,Sony Xperia S
    H8-1090D Desktop PC - Elite Class
    Ditch Your Laptop For Your Phone (Part 2)
    Algorithms for Compiler Design: THE ARRAY REFERENCE
    Managing SharePoint 2010 Data : Content Types
    Seagate Backup Plus Portable HDD
    Samsung LED TV ES8000 - The SMART in Smart TV
    Lenovo IdeaPad Z580 - Keeps Up The Tradition
    Windows Server 2008 Server Core : Working with Scripts - Using the Scripting Objects