How secure is your New car? About the same as you PC

0
Many of us driving a car after 2000 might not know down under your steering wheel is an electronic gadget called the ECU. Its like the gateway to the car’s brain. And if you are driving a BMW or Mercedeces, the more computerized things are. And with the right tools, these cars can be remotely controlled.
This week at the 31st IEEE Symposium on Security & Privacy, a paper will be presented by researchers from the Center for Automotive Embedded Systems Security (CAESS) titled, “Experimental Security Analysis of a Modern Automobile” that says they have demonstrated:
“that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input— including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
The researchers also say that an attacker can embed “malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash.”
The researchers from CAESS –  a collaboration between researchers at the University of California San Diego and the University of Washington with a mission to help ensure the security, privacy, and safety of future automotive embedded systems – wanted to provide solid, experimental data, not just theoretical results, on what could happen during a hacking attack.
Not to put to fine a point on it, the researchers, whose work was supported by funding from the National Science Foundation, say that while automotive manufacturers have spent a lot of time worrying about car safety, the priority of car IT security may need to be raised a tad.
In a New York Times article last week, one of the researchers, Professor Stefan Savage, a computer scientist at UCSD, was quoted as saying,
“… you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC.”
Hmm, makes me wonder how soon it will be before your car dealership starts offering you a yearly subscription to anti virus protection software for your car, just like your computer and phone.
Hacking into cars’ electronic systems is not new, of course. Almost since car electronic systems have appeared, people have been tying to exploit them, for instance, by hacking into cars’ wireless key systems or into cars’ ECUs to boost engine output. Hacking GM’s On-Star system seems especially popular.
Although the remote control scheme of car requires extreme hacking, but tomorrow as the electrical circuitory of cars become more advanced and thanks to recent advances in computer visions. We can expect progress in the field of computer antivirus!

How secure is your New car? About the same as you PC

Many of us driving a car after 2000 might not know down under your steering wheel is an electronic gadget called the ECU. Its like the gateway to the car’s brain. And if you are driving a BMW or Mercedeces, the more computerized things are. And with the right tools, these cars can be remotely controlled.
This week at the 31st IEEE Symposium on Security & Privacy, a paper will be presented by researchers from the Center for Automotive Embedded Systems Security (CAESS) titled, “Experimental Security Analysis of a Modern Automobile” that says they have demonstrated:
“that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input— including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
The researchers also say that an attacker can embed “malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash.”
The researchers from CAESS –  a collaboration between researchers at the University of California San Diego and the University of Washington with a mission to help ensure the security, privacy, and safety of future automotive embedded systems – wanted to provide solid, experimental data, not just theoretical results, on what could happen during a hacking attack.
Not to put to fine a point on it, the researchers, whose work was supported by funding from the National Science Foundation, say that while automotive manufacturers have spent a lot of time worrying about car safety, the priority of car IT security may need to be raised a tad.
In a New York Times article last week, one of the researchers, Professor Stefan Savage, a computer scientist at UCSD, was quoted as saying,
“… you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC.”
Hmm, makes me wonder how soon it will be before your car dealership starts offering you a yearly subscription to anti virus protection software for your car, just like your computer and phone.
Hacking into cars’ electronic systems is not new, of course. Almost since car electronic systems have appeared, people have been tying to exploit them, for instance, by hacking into cars’ wireless key systems or into cars’ ECUs to boost engine output. Hacking GM’s On-Star system seems especially popular.
Although the remote control scheme of car requires extreme hacking, but tomorrow as the electrical circuitory of cars become more advanced and thanks to recent advances in computer visions. We can expect progress in the field of computer antivirus!

Share