You are driving down the road minding your own business on a brisk winter day when suddenly the stereo starts blaring unrecognizable music, the air conditioner begins blasting cold air, the onboard navigation system changes course, the headlights start flashing, the engine turns off, killing the power steering and braking systems making a controlled stop difficult, if not impossible. Oh, and the same thing just happened to every other car on the road around you at the very same time.
Got your attention?
That scenario, though implausible today, is not impossible in the not too distant future. The Internet of Things (IoT) movement to turn everything we use into computers has already taken hold in the automotive industry. Cool new features that let you remotely lock and unlock and start your car are becoming more common. That’s great news for both the good folks who enjoy this infusion of technology into more and more parts of their lives and it’s great news for the bad guys who would like to exploit the darker sider of these advancements.
The point is that if you can control all these systems on your car wirelessly, the potential exists for a hacker to do the same.
While the doomsday scenario outlined previously is still a bit far fetched, it may not be as unlikely as you might think as we are already starting to see proof of concept attacks and other vulnerabilities emerge. Here are a few examples:
- Reuters reported that BMW recently patched a bug that left over 2 million Rolls-Royce, Mini and BMW cars open to having their doors unlocked by attackers. According to the article, the vulnerable software allowed drivers to:
“activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.”
Apparently the communications between the car and the controller weren’t encrypted so an attacker could trick the car into listening to unauthorized commands. The problem is supposed to be fixed now but one has to wonder why it just now occurred to the powers that be that authenticating the source of the commands might be an important feature.
- The Register reported that:
“Zhejiang University students have hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn – all while the car was driving along.”
- And there’s this from ARS Technica:
“papers published in 2010 and 2011, on-board components such as CD players, Bluetooth for hands-free calls, and “telematics” units for OnStar and similar road-side services make it possible for an attacker to remotely execute malicious code.
The research is still in its infancy, but its implications are unsettling. Trick a driver into loading the wrong CD or connecting the Bluetooth to the wrong handset, and it’s theoretically possible to install malicious code on one of the ECUs. Since the ECUs communicate with one another using little or no authentication, there’s no telling how far the hack could extend.”
- And if you’d like to see a proof of concept take a look at this video which shows a car’s horn, steering and brakes being controlled by a backseat driver.
Before you throw away your keys and go horse shopping bear in mind that most cars on the road lack these sort of remote control capabilities in the first place but that is changing. The hope here is that the auto makers will learn from these early mistakes and make safer vehicles in the future. The likelihood is that we will hear about a lot more of these types of vulnerabilities before they do.
Now, who wants a self driving car?
In 2013 I did a presentation on social media threats at the OOP (Object Oriented Programming) conference in Munich. (You can see my presentation here.)
no video this time around but I did do an interview for InfoQ.com on the general topic of mobile security, which you can find here, in case you’re interested.
Inside Internet Security 