As cars become more like PCs on wheels, what's to stop a hacker from taking over yours?
In recent demonstrations, hackers have shown
they can slam a car's brakes on at freeway speeds, jerk the steering
wheel and even shut down the engine - all from their laptop computers.
The hackers are publicising their work to
reveal vulnerabilities present in a growing number of car computers. All
cars and trucks contain from 20 to 70 computers. They control
everything from the brakes to acceleration to the windows, and are
connected to an internal network. A few hackers have recently managed to
find their way into these intricate networks.
In one case, a pair of hackers manipulated two
cars by plugging a laptop into a port under the dashboard where
mechanics connect their computers to search for problems. Scarier yet,
another group took control of a car's computers through cellular
telephone and Bluetooth connections, the CD player and even the tyre
pressure monitoring system.
SECURITY EXPERTS
To be sure, the “hackers” involved were
well-intentioned computer security experts, and it took both groups
months to break into the computers. And there have been no real-world
cases of a hacker remotely taking over a car. But experts say high-tech
hijackings will get easier as automakers give cars full internet access
and add computer-controlled safety devices that take over driving
duties, such as braking or steering, in emergencies.
Another possibility: A tech-savvy thief could unlock the doors and drive off with your vehicle.
Security research company CEO Rich Mogull
commented: “The more technology they add to the vehicle, the more
opportunities there are for that to be abused for nefarious purposes.
“History keeps showing us that anything with a computer chip in it is vulnerable.”
Over the past 25 years, car companies have
gradually computerised functions such as steering, braking, accelerating
and chaning gears. Electronic throttle position sensors, for instance,
are more reliable than the old throttle cables. Electronic parts also
reduce weight and help cars use less fuel - but the networks of little
computers inside today's cars are fertile ground for hackers.
Charlie Miller, a security engineer for
Twitter, and fellow hacker Chris Valasek, director of intelligence at a
Pittsburgh computer security consulting firm, cracked the computer
systems of a 2010 Toyota Prius and 2010 Ford Escape through ports used
by mechanics - although, even with their expertise, it took them nine
months to do it.
Valasek said: “We could control steering,
braking, acceleration to a certain extent, the seat belts, lights,
hooter, speedometer and even the fuel gauge.”
GOING PUBLIC
Their report, which included instructions on
how to break into the cars' networks, was released at a hacker
convention in August. They said they went public to draw attention to
the problem and get automakers to fix it, saying car companies haven’t
put any security measures on the diagnostic ports.
Ford wouldn't comment other than saying it took
security seriously, and pointing out that Miller and Valasek needed
physical access to the cars to hack in.
Toyota said it did have added security - which
it continually tested to stay ahead of hackers; it said its computers
were programmed to recognise rogue commands and reject them.
“We could have turned the brakes off.”
Two years ago, researchers at the University of
Washington and University of California in San Diego did more extensive
work, hacking their way into a 2009-model mid-sized car through its
cellular, Bluetooth and other wireless connections - even the CD player.
Computer science professor Stefan Savage said he and other researchers could control nearly everything but the car's steering.
“We could have killed the engine. We could have engaged the brakes,” he said.
Savage wouldn't identify the make or model of
the car they hacked into, but two people who knew about the resarch said
the car was from General Motors and the researchers compromised the
OnStar safety system, best known for using cellular technology to check
on customers and call for help in a crash.
GM wouldn't comment on the research, but said it took security seriously and was putting strategies in place to reduce risk.
CLOSING THE LOOPHOLES
One of the people said GM engineers initially
dismissed the researchers' work, but after reading the report, quickly
moved to close loopholes that allowed access to the car's computers.
Savage doesn't think common criminals will be
able to seize control of cars electronically anytime soon - it would
take too much time, expertise, money and hard work to hack into the
multitude of computer systems found in a modern car.
“You're talking about a rarefied group with the resources and wherewithal,” he said.
Instead, he believes basic theft is a more
likely consequence of computerisation, with criminals being able to
unlock doors remotely and then start and drive the car by hacking
through the diagnostic port. Remote door unlocking could also lead to
theft of packages, phones and other items stored in a car. - Sapa-AP
Posts
No comments:
Post a Comment