By: Lisa Keegan
Date: 2010-05-24
Picture the scene - our action hero speeds along the perilous cliff road, his Aston Martin snaking around treacherous hairpin bends en-route to saving the world. From the safety of a concealed subterranean headquarters, the evil villain hacks into the computer system of our hero's car - remotely overriding the braking function and thus causing our hero to come to an untimely, and very messy end. The villain then proceeds to run some additional programmes in order to wipe all evidence of this interference from the ill-fated cars' black box recording system. His plan for world domination is well underway.
The real-life version of this is a 20-year old disgruntled ex-garage employee looking for kicks and causing his victim's cars, not to drive over a cliff-edge, but to flash their lights and toot their horns at random [source: intelematicstoday.com]. It may not be in the same league just yet but this case is a real one and it opens our eyes to the possibilities and potential vulnerabilities of telematics systems in cars. Any system which can be controlled remotely can, in theory at least, be hacked. A virus causing a computer to crash is one thing, causing a vehicle to crash is quite another. When dealing with car security we can't afford to simply install the anti-virus software and hope for the best - the stakes are far too high. With great advances in telematics and remote access to car computer systems, the time has come to consider the potential vulnerabilities of onboard computers and ensure that we don't let our enthusiasm for car infotainment and connectivity cloud our judgement.
In a previous article on the eCall in-car emergency system, we raised the issue of 'big brother' style vehicle tracking. This threat however, pales into insignificance when compared against the mayhem that hackers could unleash if they gained access to vehicle telematics systems.
Car manufacturers would have us believe that this threat is exaggerated but this week Computer Scientists at the University of Washington and the University of California, San Diego have presented a research paper which highlights the possible threats of hacking into in-car computer systems. The researchers claim they were able to remotely control braking and other functions in the cars they used in their tests, and argue that the car industry is at risk of making the same security mistakes as the PC industry.
The report entitled 'Experimental Security Analysis of a Modern Automobile' claims 'we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input - including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on'. The report recognises that while safety is a major consideration in modern cars, the potential threat of hackers has been somewhat overlooked.
Telematics systems in cars, such as the one used in the eCall emergency system, are becoming increasingly common and it is these networked systems that the researches claim make these cars most vulnerable. Computer control systems in cars are not new but the extent of use and dependence on these systems is certainly on the increase, and with this escalation comes a greater level of risk when problems occur. As computer systems become more complex they in turn become more prone to error. NASA probably create the most reliable computers but even the Mars Rovers have had to be rebooted several times. We have seen plenty of evidence of flawed software in cars recently with Toyota's braking problems and subsequent mass recall. Such problems can occur as a result of errors in the actual computer code, if you factor in human interference in the form of hacking, the number and potential severity of these problems multiply.
Vehicle telematics systems have the potential to greatly enhance our driving experience in terms of entertainment, communication and safety. However, it is important that we strike a balance between enjoying the benefits of these telematics systems and relinquishing control over our cars.