Com­put­ers make au­tos at­tack tar­gets

Winnipeg Free Press - Section F - - AUTOS - By Steve John­son

SAN JOSE, Calif. — Imag­ine this night­mar­ish pos­si­bil­ity: Al-qaida ter­ror­ists cause thou­sands of mo­torists rac­ing down a free­way dur­ing the morn­ing com­mute to sud­denly lose their brakes, lead­ing to mas­sive chaos, death and destruc­tion.

Im­plau­si­ble? Maybe not, some ex­perts warn.

As cars and trucks have be­come laden with brainy de­vices to con­trol ev­ery­thing from their airbags to their crash-avoid­ance sys­tems, the ve­hi­cles have be­come in­creas­ingly vul­ner­a­ble to cy­ber at­tacks, ac­cord­ing to re­cent stud­ies by univer­sity re­searchers and se­cu­rity com­pa­nies.

One found a car’s com­puter con­trols could be re­motely ac­cessed through their Blue­tooth, Wi-fi or Ons­tar con­nec­tions, po­ten­tially al­low­ing ter­ror­ists to si­mul­ta­ne­ously dis­able the brakes of nu­mer­ous cars, cor­po­rate spies to eaves­drop on a mo­tor­ing ex­ec­u­tive’s phone calls, or thieves to elec­tron­i­cally lo­cate, break into and start cars they’ve tar­geted to steal.

An­other showed how a car’s tire­pres­sure warn­ing sys­tem could be wire­lessly tricked into send­ing false alerts to driv­ers, which could prompt them to stop and fall prey to rob­bers fol­low­ing them.

Spec­u­lat­ing that vil­lains might short­sell an auto-com­pany’s stock and then cause wide­spread prob­lems in its cars, Ryan Per­meh, a prin­ci­pal se­cu­rity ar­chi­tect at In­tel’s Mcafee di­vi­sion, added: “I can def­i­nitely imag­ine or­ga­nized crime or po­ten­tially even na­tion states lever­ag­ing weak­nesses in these func­tions to cause dif­fer­ent kinds of havoc.”

Although in­stances of car hack­ing have been ex­tremely rare, the threat has got­ten the at­ten­tion of au­tomak­ers.

“We are very, very con­cerned,” said Chrysler spokesman Vince Mu­niga, adding Chrysler is con­sult­ing com­puter ex­perts to iden­tify “things that may be vul­ner­a­ble in the fu­ture.”

Sim­i­larly, Ford “is tak­ing the threat very se­ri­ously” and “work­ing to en­sure that we’ve de­vel­oped a prod­uct that is as re­sis­tant to at­tack as pos­si­ble,” said Rich Strader, Ford’s di­rec­tor of in­for­ma­tion tech­nol­ogy, se­cu­rity and stor­age .

The sub­ject also has got­ten the fed­eral gov­ern­ment’s at­ten­tion.

“The Na­tional High­way Traf­fic Safety Ad­min­is­tra­tion is aware of the po­ten­tial for ‘hack­ers’ and is work­ing with au­tomak­ers to bet­ter un­der­stand what steps can and are be­ing taken to ad­dress the prob­lem,” the agency said in a state­ment, adding it has asked the U.S. Na­tional Academy of Sci­ences to look into the mat­ter.

Be­cause of con­sumer de­mand for en­ter­tain­ment, con­ve­nience and safety fea­tures in cars, au­tomak­ers in re­cent years have greatly beefed up the tech­nol­ogy in their ve­hi­cles. It’s not un­usual for lux­ury au­tos to sport 70 com­put­er­ized con­trol units that mon­i­tor ev­ery­thing from the en­gine, trans­mis­sion and head­lights to the cabin tem­per­a­ture, airbags and cruise con­trol. Some cars even park them­selves or au­to­mat­i­cally brake to pre­vent col­li­sions.

But their var­i­ous wire­less con­nec­tions can en­able hack­ers lo­cated some dis­tance away to elec­tron­i­cally in­fil­trate an au­to­mo­bile and take vir­tual con­trol of it, ex­perts have de­ter­mined.

In a re­port about the “emerg­ing risks in au­to­mo­tive sys­tem se­cu­rity,” Mcafee de­scribed the case last year of a dis­grun­tled for­mer em­ployee of a Texas used-car deal­er­ship. By ac­cess­ing the sys­tem the deal­er­ship used to re­motely de­ac­ti­vate cars whose buy­ers failed to make pay­ments, he cre­ated may­hem by blar­ing the horns and shut­ting off the en­gines of more than 100 ve­hi­cles.

Other prob­lems could be com­ing down the road.

In a study last year, Univer­sity of South Carolina re­searchers in one ve­hi­cle caused the tire-pres­sure warn­ing sys­tem of an­other to send bo­gus alerts to its dash­board. Be­cause such alerts could prompt driv­ers to pull over to check their tires, the re­searchers warned, “this presents am­ple op­por­tu­nity for mis­chief and crim­i­nal ac­tiv­i­ties.”

An­other trou­bling flaw was un­cov­ered by a se­cu­rity tester hired by an uniden­ti­fied U.S. city, ac­cord­ing to the Mcafee re­port. Af­ter hack­ing into po­lice-car cam­era recorders, it said, “he was eas­ily able to up­load, down­load and delete files that stored months’ worth of video feeds.”

Still more weak­nesses were de­tailed in a study by the Cen­ter for Au­to­mo­tive Em­bed­ded Sys­tems Se­cu­rity, a col­lab­o­ra­tion be­tween the Univer­sity of Cal­i­for­nia-san Diego and the Univer­sity of Washington. It con­cluded thieves could wire­lessly com­mand groups of cars to re­port their GPS co-or­di­nates and ve­hi­cle iden­ti­fi­ca­tion num­bers, en­abling crooks to learn the year, make, model and lo­ca­tion of the most ex­pen­sive ones. Then, it said, they could steal those au­tos by is­su­ing other wire­less com­mands to dis­able their alarms, un­lock them and start their en­gines.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.