backtop


Print 14 comment(s) - last by Mike Acker.. on Aug 21 at 9:01 AM

McAfee executive says the future is scary

Vehicles are becoming more and more reliant on computers for efficiency, safety systems, and infotainment systems. Most vehicles on the market today use throttle-by-wire systems, where the onboard computer controls the throttle of the vehicle. Toyota has had problems in the past with so-called unintended acceleration, with many pointing fingers at the electronic systems in the car.
 
High-profile cases such as this have illustrated the point that computer systems inside modern automobiles can significantly affect the safety of passengers and others on the roads around the country. A team of researchers working for Intel security firm McAfee is attempting to search vehicles for electronic bugs that can make them susceptible to computer viruses.
 
According to some security experts, automakers have failed to protect electronic and computer systems in vehicles from attacks by hackers looking to steal vehicles, eavesdrop on communications inside the vehicle, and potentially harm passengers by causing the vehicles to crash.
 
"You can definitely kill people," said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit. The US cyber Consequences Unit is a nonprofit organization with the goal of helping companies to analyze their potential for targeted computer attacks on products and networks. So far, there have been no violent attacks on automobile computer systems reported.
 
Despite there being no confirmed by violent attacks against automotive computer systems reported, Ford has security engineers at work to secure its Sync communications entertainment system from attack. Ford spokesman Alan Hall said, "Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset."
 
"Any cyber security breach carries certain risk," said Jack Pokrzywa, SAE's manager of ground vehicle standards. "SAE Vehicle Electrical System Security Committee is working hard to develop specifications which will reduce that risk in the vehicle area."
 
Toyota maintains that it isn't aware of any hacking instances conducted against its automobiles. The Department of Homeland Security declined to comment on the risk of vehicular hacking or whether it is aware of any vehicular hacking incidents reports Reuters.
 
McAfee executive Bruce Snell, who oversees the company's car security research, stated, "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening. I don't think people need to panic now. But the future is really scary."

Source: Reuters



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

All the more reason
By FITCamaro on 8/20/2012 11:07:48 AM , Rating: 4
Not to have stuff connected to the outside with your automobile. Drive damn it. Do only that.




RE: All the more reason
By inperfectdarkness on 8/20/2012 11:35:01 AM , Rating: 2
I must admit I'm no fan of wireless connectivity options for vehicles. I'd rather have the old-fashioned hard-wired, closed-circuit stuff.


RE: All the more reason
By Samus on 8/20/2012 3:23:49 PM , Rating: 3
Take a hint from Boeing (or Battlestar Galactica for that matter) and don't connect multiple systems. Vehicle wifi shouldn't be able to access any vehicle controls, aside from the clock, radio and climate control. Remote battery monitoring shouldn't be able to directly access the battery, rather, the battery/charging computer should only be able to write logs to another system.

All these technical features are fine and dandy but I agree that these manufactures are getting too fancy and in over their heads. There is such a thing as too many features when those features are senseless and exploitable.


RE: All the more reason
By Solandri on 8/20/2012 6:32:21 PM , Rating: 2
Actually I'd say that's a bit extreme. There's considerable benefit to being able to diagnose an engine problem in your car via wifi instead of having to take it to a mechanic who plugs a (proprietary) cable into it.

I'm actually curious why they don't just turn the filesystem into one big EEPROM. SD cards have a physical write-protect switch. Couldn't you put one on the car's computer firmware? That way if you need to rewrite the firmware, you first need to flip a physical switch. But a virus which tries to infect a system without this switch flipped just sees write errors, and gets purged when you turn the engine off and kill the power.


RE: All the more reason
By mmatis on 8/21/2012 7:40:33 AM , Rating: 2
Your fine friends in "Law Enforcement" are not about to tolerate such a switch unless they get a back door around it.


RE: All the more reason
By tayb on 8/20/2012 11:46:19 AM , Rating: 2
Not having exterior connections won't help. The computer is in the car and can be hacked or given a virus while you sleep at night or grab a bite. Whether or not you are focused only on driving is irrelevant.


RE: All the more reason
By kattanna on 8/20/2012 12:12:42 PM , Rating: 2
quote:
can be hacked or given a virus while you sleep at night or grab a bite


if someone is going to go to that much effort, they are most likely going to be stealing the car, not setting it up to deliver spam or process bitcoins or such.


RE: All the more reason
By tayb on 8/20/2012 12:33:58 PM , Rating: 2
Unless their motivation is to harm you...


RE: All the more reason
By bah12 on 8/20/2012 1:10:03 PM , Rating: 2
Yah, cuz simply crawling under it and loosening the steering linkage would be far too hard. /sarcasm

Get real people there are dozens of mechanical ways to cause a car to become uncontrollable rather than hack it. Face it if someone has physical access to a device (car or computer), preventing compromise is nearly impossible.

As my old man used to say...Locks are for honest people. Bad guys can/will always find a way.


RE: All the more reason
By Akrovah on 8/20/2012 1:14:09 PM , Rating: 2
I which case there are a number of more efficient things that can be done to a car than trying to hack the OS.


Type of operating system
By drycrust3 on 8/20/2012 11:42:34 AM , Rating: 2
quote:
"SAE Vehicle Electrical System Security Committee is working hard to develop specifications which will reduce that risk in the vehicle area."

One major point overlooked in this article is the type of operating system used in the vehicle. As I understand it, viruses are operating system dependent, so if the automobile manufacturers based the car computers around one for which there were few viruses, e.g. a Linux distribution or BSD (which are, incidentally, free), then that would be a huge step towards increasing security.
On the other hand, if the manufacturers used an operating system which was plagued with malware, such as one of the Windows operating systems (for which they would have to pay a licence), then one should expect the vehicle to have poor level of software security.
One could even go further and suggest the diagnostic software used by the mechanics be intended to run only on something like a Linux distribution because, as we saw with the Stuxnet virus, Windows was the path to attacking the PLCs in the Iranian nuclear material purification machines.




RE: Type of operating system
By Mike Acker on 8/21/2012 8:57:21 AM , Rating: 2
excellent post!!!

the steps:
1. use an o/s that offers security, right now that means Linux.

2. authenticate all input transmittals using GnuPG

the tools to do it right have been available for years. until we change product liability law we will probably continue getting poor solutions, the result of hasty work.


Yep..
By Egglick on 8/20/2012 11:44:20 AM , Rating: 2
Gotta love the fearmongering and sensationalism from antivirus/security companies. I'd be interested to know why critical vehicle controls would be anything but a completely closed system.




RE: Yep..
By Mike Acker on 8/21/2012 9:01:46 AM , Rating: 2
they are not a close system now: GM vehicles can be unlocked/disabled by remote control. for the safety of the owners (.?.)


“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki