Hi-tech cars are security risk, warn researchers

Night_Hawk

Siasat.pk - Blogger
[h=1]Hi-tech cars are security risk, warn researchers
[/h] By Mark Ward Technology correspondent, BBC News
_77220842_77220838.jpg

Security researchers are worried that car computer systems could make them vulnerable to hackers



The most complicated computational device you own is probably not in your pocket, not mining bitcoins in the back room or nestled by the TV helping the kids "frag" their friends in eye-popping video game HD.
It might be sitting on your drive, in the garage or on the street.
The it, in this case, is your car.


Modern vehicles are very smart. They can recognise that they are crashing faster than you can and prepare for the impact before you have time to think: "This is going to hurt."
They know when it is raining, when you are straying from your lane or are in danger of hitting the wall when you park.
"Cars today are not just computers on wheels," says security researcher Josh Corman.
"They are networks of computers on wheels."
And therein lies the problem, he tells the BBC.


Mr Corman is spokesman for a grassroots group known as I Am The Cavalry (IATC) that seeks to communicate the thoughts and fears of many professional security testers to the wider world. Of late, IATC has been getting very worried about cars.
_77220704_30fb2b9b-0b20-48b0-9c14-c23daed2fa70.jpg

Early attempts at hacking vehicles involved taking them apart to access their systems

A modern car, Mr Corman says, has up to 200 small embedded computers in it, known as electronic control units (ECUs), each one of which, in general, oversees one subsystem.
They all connect to a network that ships data around the car to co-ordinate what is going on as it is driven.
The embedded computers are typically not made by car manufacturers. Instead they come from other companies, which often do not - or will not - say how they work.
Physical hacks

Before now, that has not worried the carmakers who just want the black box to meet their specifications for such things as monitoring tyre pressure, measuring the angle of the steering wheel, working out how many people are in the car or that they are wearing seatbelts.

But the lack of transparency has vexed security researchers who, in recent months, have been taking a much closer look at in-car computer systems.


They have not been impressed by what they have found.
Charlie Miller and Chris Valasek of security firm IOActive led the way in hacking the computer systems in cars, says Andy Davis, head of research at NCC Group.


The early work on car hacking involved getting physical access to the vehicle.
_77221077_414f7de5-bae3-47b3-b00f-56511a70e631.jpg

Vehicles often contain computer-controlled parts made by several different manufacturers

Mr Miller and Mr Valasek literally tore apart the cars they investigated to get at the Controller Area Network (Can) buried in its substructure.


"If you can get access to that Can either physically or remotely you can essentially control the vehicle," says Mr Davis.
At the recent Def Con hacker conference in Las Vegas, the two IOActive researchers presented their latest work entitled, A survey of remote automotive attack surfaces.
It took a close look at the hackability of 21 separate vehicles. Everything from a Toyota Prius to a Range Rover Evoque.


The report found exploitable problems almost everywhere it looked - in wireless tyre pressure sensors, telematics controllers and even anti-theft systems.
_77221079_1ff68b8c-48b3-4a6c-8454-fb31d6a96b6b.jpg

A study indicated the 2014 Jeep Cherokee was more vulnerable than several rival models

The 2014 Jeep Cherokee topped the list of the most hackable cars and the 2014 Dodge Viper was the least hackable.
But the Jeep's maker, Chrysler noted that there had been "been no documented, real-world incidents of remote hacking".


"We have a team of engineers dedicated to developing cyber-security features in anticipation of emerging threats," it added.

"Further, Chrysler Group strongly supports the responsible disclosure protocol for addressing cybersecurity. Accordingly, we invite security specialists to first share with us their findings so we might achieve a cooperative resolution. To do otherwise would benefit only those with malicious intent."
Breakdown alerts Many of the latest attacks seek to get at a car remotely via the communication systems now sported by many modern vehicles, explains Mr Davis.


"The reason this has become much more of a high-profile, ongoing issue is because of the way things are going in the car industry and the whole idea of the connected car."
In Europe and the US there are moves to set up so-called eCall systems that automatically contact emergency services when a vehicle has been involved in a serious accident.


An allied bCall system would ring for help in the event of a breakdown.
There is no doubt, says Mr Davis, that soon all cars will be connected cars.
_77220836_245ad5b4-198f-4ecb-a394-2bdcfac03b7f.jpg

There are plans for cars to be able to call for help in the event of a breakdown

"That has made all the carmakers realise it's something they need to provide," he adds.
"But if they have to do this we have to ask what else can we do to it?"
Black box NCC Group recently conducted a six-week investigation into the security of vehicles from one manufacturer, which it declined to name.
Mr Davis says a whole range of security problems was found, but the biggest failing in his mind only emerged when researchers questioned the carmaker about issues that had arisen during the tear-down.
"We let them know about our assumptions of how the ECUs could be abused and they said, 'This is a black box for us,'" Mr Davis recalls.


"So, they went to the third-party that made it, who said it was proprietary information and we will not tell you."
_77221060_4b1e33e7-dbc9-47fa-87ed-30e3be96338a.jpg

Mini-computers can spot potential problems at an early stage

That's a big problem, he adds, because it means solving those security issues becomes much more difficult.
This lack of clarity about the innards of in-car computers prompted IATC to publish a letter calling on vehicle makers to improve security.


Some steps have already been taken, says Mr Corman, thanks to IOActive raising the issue in the media.
That's led to it being discussed more inside car firms and, in particular, among R&D and engineering staff.
"They know what they need to do but they have been lacking the executive support to make it happen," he says.


He singles out Tesla as one carmaker that is setting good standards. It has an open disclosure policy and actively seeks help to squash bugs in the software and other systems used to control its cars.
_77221075_b003a951-f790-41cf-9c84-4c31601e6bd2.jpg

Researchers say the car companies are becoming more aware of the risk of hackers

But he acknowledges that it will take time to encourage others to do likewise and demand more open and secure standards from their suppliers, Mr Corman adds.
"We're taking a strategic long view," he says.


"It has to be a long view given how long it takes to do R&D, how long it takes to do testing and to bring a car to market.
"This is not like Facebook where if there is a security problem they can fix it overnight."
http://www.bbc.com/news/technology-28886463
 

wahreh

Chief Minister (5k+ posts)
Very interesting article. This may get more intense in completely automated vehicles such as google car which is going through street testing these days. May be its time to apply airplane software standards to automative as well.
 

adamfani

Minister (2k+ posts)
  • Deadly Distractions
  • What Is Distracted Driving?

Distracted driving is any non-driving activity that takes drivers’ hands off the wheel, their eyes off the road or their mind off driving. Mobile phones are not the only distractions drivers face; even simple tasks can interfere with the ability to safely operate a vehicle, including:

  • Eating or drinking.
  • Personal grooming.
  • Adjusting vehicle controls or navigational units.
  • Fiddling with entertainment systems.
  • Talking with passengers.
 

adamfani

Minister (2k+ posts)
  • Deadly Distractions




  • Hidden Menace

Despite the growing evidence linking distractions to dangerous driving, far too many motorists still find themselves distracted behind the wheel. They combine other tasks with driving because they believe they can multitask, and mobile technology devices only increase the temptation. While distractions alone may not cause collisions, distracted drivers commit serious errors that significantly increase their crash risk.


  • What Is Distracted Driving?

Distracted driving is any non-driving activity that takes drivers’ hands off the wheel, their eyes off the road or their mind off driving. Mobile phones are not the only distractions drivers face; even simple tasks can interfere with the ability to safely operate a vehicle, including:

  • Eating or drinking.
  • Personal grooming.
  • Adjusting vehicle controls or navigational units.
  • Fiddling with entertainment systems.
  • Talking with passengers.


  • The Multitasking Myth

When drivers attempt to “multitask,” their minds rapidly switch from one activity to another because they can concentrate on only one task at a time. As a result, every time we give our brains another non-driving activity to consider, the risk of a crash increases. Consider this: Taking your eyes off the road for a second at 50 km/h is the same as driving with your eyes closed for nearly 15 metres.

  • Dialling Up Disaster

The next time you reply to a text message or talk on the phone as you drive, it might be your last. Mobile phones can take your eyes off the road and your hands off the wheel, while talking on one reduces your ability to process information. Whenever you drive and use a mobile phone, you increase your chance of a collision by up to 4 times, while texting raises your crash risk by up to 23 times.

  • Full Attention Required

Driving already involves four areas of the brain, so drivers have no room to juggle additional tasks. Poor decisions and bad habits place everyone at risk, so do not treat driving as idle time. Keeping roads safe and staying alive are not unproductive activities; they are every driver’s responsibility.

  • Every Second Counts

Up to 80% of vehicle crashes include some form of driver inattention.

  • Disruptive Conversations

Mobile phone conversations reduce brain activity associated with driving by up to 50%.

  • Mobile Phones vs. Alcohol

Drivers using mobile phones react up to 30% slower than drivers with a blood alcohol content of 0.08%.
 

Back
Top