Wednesday, 27 March 2013
cars and hack attacks
Hacking a car, once the stuff of spy novels and science fiction, is fast becoming a serious threat, forcing the industry to consider how to protect vehicles against cyber attacks.
“Cars are becoming connected devices,” said Ralf Lamberti, head of telematics and infotainment at Daimler. “[We’re] protecting vehicles with state of the art [equipment] to ensure attacks don’t happen.”
The modern car is, in essence, a sophisticated mobile computer, with software and electronics accounting for as much as 50 per cent of its value. Vehicles are fitted with long lengths of cable, several hundred megabytes of software and multiple computer networks.
Carmakers have also responded to demand from consumers for constant connectivity by installing wi-fi hotspots and cellular and Bluetooth connections. Each new connection and electronic device adds a potential target or means for a hacker to attack.
“The risk of car hacking today is still rather low since today’s car IT systems are still very heterogeneous, which requires costly, individual attacks,” said Marko Wolf at Escrypt, a security consultancy which helps customers in the automotive industry. “However, various successful proof-of-concept attacks have shown that risks for data security and privacy are real and they will increase with the increasing external connectivity of modern cars”.
In one scenario, tested by researchers at the University of California San Diego and the University of Washington, a car drives down a disused airport runway at 40mph. Behind it, a cyber attacker in a chase vehicle unleashes a digital payload from his laptop. Suddenly the electronic braking system of the car in front is disabled, leaving the helpless and frightened driver unable to stop.
“All major carmakers are aware of the necessity for protecting cars against security issues,” Mr Wolf said. “Most carmakers already have implemented various security protection solutions and have dedicated security divisions.”
Ford engineers try to ensure that the company’s Sync communications and entertainment system is as resistant to attack as possible. “We use a “threat-modelling” methodology to review potential attack vectors and security issues, and then have designed controls to address those items,” a company spokesman said. “Our hardware has a built-in firewall and separates the vehicle control systems network from the infotainment network and functions.”
Jack Pokrzywa at SAE International, a standard-setting organisation for the automotive industry, said the increasing use of electronics in vehicles “presents a challenge to the industry like never before”.
SAE has formed a committee to develop standards for electrical systems security which includes representatives of carmakers, suppliers, semiconductor manufacturers, and security and consulting firms. It aims to identify scenarios for possible cyber attacks on vehicles and outline strategies and techniques to prevent these security breaches..