Researchers claim it's technically possible to hack into a car's computer system, writes CIARA O'BRIEN
In-car computer systems have improved motoring in recent years, but could they also leave vehicles vulnerable to attack? New research from the University of California San Diego and the University of Washington seems to indicate so.
A car’s computer system can be hijacked through an infected MP3 file burned to a CD, according to the report.
A piece of code added to the file – known as a Trojan horse – could run on the car’s system without a driver’s knowledge. And because computers now control so many of a car’s functions, in theory, it could be used remotely to control everything from the engine to such security features as central locking.
The worrying thing about this research, security experts say, is that it was not conducted in a laboratory: the researchers bought a car and hacked into its system.
The attack has been viewed with interest in the security field.
“What it does is highlight how integrated computers are becoming in everyday life,” says Brian Honan, principal at security consultants BH Consulting.
“It’s not necessarily saying that cars are hackable. It’s the software that cars can use [that] is hackable and, wherever that software is deployed, there’s the risk that people can take advantage of these weaknesses.”
The good news is that there have been no reports of cars being hacked into and controlled in such a way, although it now seems technically possible to do so.
“Technically it is feasible to do what the guys have done in the universities as proof of concept to demonstrate the weaknesses in the system,” says Conor Flynn, technical director at Rits information security. Many in-car systems are supplied by third parties, meaning that several manufacturers could have very similar systems with common components.
“They’re using commonly published protocols so that other third parties can make after-market add-ons,” says Flynn.
The growing integration of electronic systems and wireless technologies, such as Bluetooth and Wi-Fi, in cars may make life easier for drivers, but it also creates security risks. Cars can be compromised through their Bluetooth or built-in mobile network systems.
One attack was carried out using an infected application on an Android handset connected to the car’s built-in Bluetooth system.
Malicious software can also be introduced via the on-board diagnostics port, through the diagnostic tools used for vehicle maintenance.
While the idea is worrying for car owners, most hackers are motivated by financial gain, so it is unlikely that the average motorist would be a primary target.
This report could also act as a warning to manufacturers to keep critical systems separate from non-critical ones, says Honan.
“Why would your MP3 need to be connected to your brake system, for example? There’s no reason,” says Honan.
“There should be some sort of isolation between those, just to make sure that these things can’t be exploited.”