Six rising threats from cybercriminals

Text messaging, GPS under threat

The age of the connected car is dawning. Vehicles like the Ford Edge now provide 3G network access, a Wi-Fi router in the car, and the ability to tap into your home Wi-Fi network (only while parked). In the next few years, more automakers will provide wireless access for Web browsing and streaming high-def movies. And by 2013, a new FCC-mandated wireless signal called DSRC (dedicated short-range communications) will run at 5.9GHz and provide a vehicle-to-vehicle communication network.

For anyone who follows network computing or computing in general, adding these new features to a moving vehicle should raise a red flag as yet another way hackers can cause problems. Since these systems often tap into the car diagnostics and safety features, a hacker could potentially interfere with such systems and, for example, cause a car's engine to surge at just the wrong time, says Stephan Tarnutzer, chief operating officer at automotive control console manufacturer DGE.

While no real-world exploits are known to have happened, security researchers from the University of California, San Diego, and the University of Washington have hacked into the computers of several late-model cars and remotely disabled the brakes, altered the speedometer reading, turned off the engine, locked passengers into the car and more.

The research team's initial tests relied on plugging a laptop into the car's diagnostic system, but later tests identified other entry points for an attack, including the cars' Bluetooth and cellular connections. More wireless communications in future cars will create even more attack vectors.

The good news, Tarnutzer says, is that most of the forthcoming wireless technology for cars is for short-range communications -- say, from one lane to another or just as you pass through an intersection. That makes it difficult for hackers because they need to be in close proximity to the car.

Nevertheless, wireless connections in cars will undoubtedly make a tempting target for hackers. The answer, says Tarnutzer, is for the auto industry to use strong, hardware-based encryption technology.

For example, the OnStar communications and security service offers a theft-recovery feature that makes use of wireless signals. If your car is stolen, you can report the theft to the police, who then contact OnStar, which can transmit a signal over a 3G network to stop the accelerator from working in the stolen car. OnStar's transmissions are encrypted to thwart unauthorized attempts to tap into signals and interfere with vehicle operations.

Car companies are, of course, aware of the potential for hackers to disrupt in-car wireless services. Representatives from Ford and GM, for instance, said they are developing strong encryption standards for vehicle-to-vehicle and vehicle-to-back-end-infrastructure communications.

The technology for the connected car is for the most part still in a testing phase, says Tarnutzer. The DSRC network in particular will undergo thorough testing by both the car companies and the U.S. Department of Transportation to make sure it is hacker-resistant and uses strong encryption, he adds. "This is why it takes two to three years for an OEM to qualify a new vehicle, compared to six months for a new smartphone," he says.

6. GPS jamming and spoofing: Threat or nuisance?

Tags symantecindustry verticalsAutomotive

Show Comments