Car-hacking now a possibility
McAfee says increase in electronics and connectivity in vehicles can lead to cyber attacks
Critical car safety components can be hacked if criminals can get direct physical access to a car's electrical systems, according to a new report by McAfee, in partnership with Wind River and ESCRYPT.
The report, called "Caution: Malware Ahead," is an analysis of emerging risks in automotive system security. Embedded electronic devices are used in almost all areas of automobiles including airbags, radios, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication.
Researchers have shown that a cyber-attack can be mounted to track a vehicle and compromise passengers' privacy by tracking the RFID tags using powerful long-distance readers at around 40 metres.
"As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases," said Stuart McClure, senior vice president and general manager, McAfee. "Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It's one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety."
Automobile manufacturers are beginning to add features such as internet access and connectivity into vehicles and increase integration between cars and consumer devices such as smartphones and tablets.
However, according to the report, in the rush to add features, security has often been an afterthought.
The report highlights such threats as the remote unlocking of a vehicle and starting of a car via cell phone, the ability to disable a car remotely, track a driver's location, activities and routines, steal personal data from a Bluetooth system, disrupt navigation systems and disable emergency assistance.
"The auto industry is experiencing a convergence of consumer and automotive electronics. Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities," said Georg Doll, senior director for automotive solutions at Wind River. "The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise."