Two well-known security experts say they have built a prototype intrusion protection device that would keep automobiles safe from cyber-attacks.
Chris Valasek, director of vehicle security research at the consulting firm IOActive, and Charlie Miller, a researcher at Twitter famous for his Apple hacks, plan to show off the gadget at DefCon in Las Vegas early next month.
Valasek told Reuters that the device is a simple one, built with $150 in electronics parts and a set of computer algorithms that learn how cars typically function. From there, it can identify traffic anomalies to flag a possible attack, and block rogue activity.
"I really don't care if you hack my browser and steal my credit card," Valasek told the news service. "But crashing a car is life or death. It is dramatic. We wanted to be part of the solution."
Last year at the conference, they made news by demonstrating a hack that allowed them to manipulating the brakes of a moving Toyota Prius and Ford Escape. Though no reports have been made of a real-world hack so far, some say that it’s only a matter of time.
“These attacks could potentially allow cyber-attackers to penetrate in-car systems, either using physical interaction or also by seizing control through attacks over the Internet; typically a connected car network has over 50 potential access points for a cyber-attacker now, and this will only increase as the level of technology integrated into the car goes up,” explained Wil Rockall, director at KPMG’s cyber security practice, in an email. “Three years ago, criminals sought access to vehicles by stealing the keys, but today three-quarters of cars stolen in London are done so without them, principally through electronic methods. It is important that cyber-attacks do not become physical ones because manufacturers are unable or unwilling to design in security.”
He added that any intrusion protection device must be able to evolve and adapt. “The industry needs to invest in creating systems that are securely built and well tested, with capabilities that can be improved as threats evolve and vulnerabilities are discovered. The public must be able to trust the new systems put in place and be confident when operating their vehicles that a ‘crash’ is not going to be caused by cyber attackers.”