Cars getting more and more hackable, security firm warns
As the number of electronic systems used in cars increases, McAfee is warning that they're becoming increasingly vulnerable to hackers.
These days, embedded devices are included in radios, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication - and even in airbags and power seats.
"As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases," says Stuart McClure, senior vice president and general manager of McAfee.
"Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety."
It's now possible, for example, to remotely unlock and start a car via a cellphone, disable it remotely and track a driver’s location, activities and routines.
Hackers can also steal personal data from a Bluetooth system, disrupt navigation systems and disable emergency assistance.
Attacks can also be mounted to monitor a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters.
"Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities," says Georg Doll, senior director for automotive solutions at embedded systems company Wind River, which took part in the study.
"The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”
The full report is here.