Car computer controls vulnerable to hackers says report

The analysis builds on reports in recent years of the vulnerability of car locking systems, but this is the first time that researchers have claimed that such critical systems can now be hacked, Infosecurity notes.

If – as seems likely – the claim is true, then it poses a severe risk to high-profile figures such as politicians, as assuming control of a vehicle's steering and brakes when it is moving at high speed could place the lives of the occupants in grave danger.

The security problem appears to stem from the issue that engineers are "transforming automobiles from a collection of mechanical devices crowded around a combustion engine to a sophisticated network of as many as 70 computers – called electronic control units (ECUs)", says the report.

These computers, notes Scientific American, are linked to one another and to the internet, "making the car a mini mobile data center susceptible to many of the same digital dangers – viruses, denial-of-service attacks – that have long plagued PCs and other networked devices", adds the report

Because the ECUs are 'driven' by as many a million lines of program code, the report says that ECUs tend to share networks when they communicate with one another.

"This makes it easier to control more networked gadgets (GPS, MP3 players and more) from the same place, such as the center of the steering wheel. The problem comes when infotainment and other nonessential components share the same network with the brakes, steering and other safety-critical devices", the report adds.

Because of these issues, a team of researchers – Stefan Savage, a computer science professor at the University of California at San Diego, and Tadayoshi Kohno, an assistant computer science and engineering professor at the University of Washington in Seattle – claim they have been able to insert malware into a car's computer system using a smartphone Bluetooth connection.

The pair reportedly presented their findings at last month's National Academies Committee on Electronic Vehicle Controls and Unintended Acceleration event.

The security issue appears to affect several types of vehicles, but the report quotes Anup Ghosh, a research professor and chief scientist at George Mason University's Center for Secure Information Systems, as saying the security problem could be expensive to fix, as sharing networks is common in car IT systems.

What’s Hot on Infosecurity Magazine?