Is the Next Big Security Threat Car Hacking?
Today, automobiles offer you the convenience of hands free communication and GPS systems. As the automobile revolution advances and the cars incorporate more wireless communication and navigation systems, they become more vulnerable to hackers. Security experts say that the idea of hacking cars isn’t that far-fetched.
According to Chris Valasek, director of vehicle security research at IOActive, car hacking is not hypothetical at all. Valasek and Charlie Miller, Twitter security engineer, have conducted remote-car hacking research. Also, researchers at the University of California-San Diego, and the University of Washington have conducted research on the possibility of a security breach. Miller and Valaskek went on further to say that the car industry needs to better prepare themselves for the possibility of attacks.
Last December, Miller and Valasek hacked into a Ford Escape and a Toyota Prius from inside the car. The two men used a laptop plugged into the vehicle’s diagnostic port. This allowed the men to exploit vulnerabilities in the electronic control units of both cars. The electronic control unit communicates with the car’s internal network. After breaching the electronic control unit the two men took control of the headlights, steering, horn, brakes and locks.
More recently the research team of Miller and Valasek studied 21 cars, electronic control units for vulnerabilities. They posted their finding at the Def Con hacker conference in Las Vegas. The team noted that different car manufacturers employ different vehicle designs so they avoided generalities in their security analysis. The team also did in-depth studies on specific automotive architectures and concluded that some networks were more secure than others.
What is auto industry’s attitude towards cybersecurity?
The auto industry today has the same attitude about cybersecurity as the software companies had in the past. In the early 2000's, software vendors overlooked security risks in their software design. In the past, software vendors didn’t invest in the security of their software. Only after software vulnerabilities, did software vendors invest in proactive measures to protect the end users. Valasek is hoping the automobile manufacturers will take actions quicker than software vendors did.
The automotive industry is making progress in their efforts to search for security bugs using traditional software security. Automotive Engineers are also working to standardize the threat-modeling process. After Miller and Valasek research, the team has urged automakers to add attack-detection and prevention technology in the critical control networks of their newer cars.
About Awan Cheyanne
Awan is a technical engineer, freelance blogger and hobbyist.