Just about everything these days ships with tiny embedded computers that are designed to make users’ lives easier. High-definition TVs, for instance, can run Skype and Pandora and connect directly to the Internet, while heating systems have networked interfaces that allow people to crank up the heat on their way home from work. But these newfangled features can often introduce opportunities for malicious hackers. Witness “Smart TVs” from Samsung or a popular brand of software for controlling heating systems in businesses.
Now, security researchers are turning their attention to the computers in cars, which typically contain as many as 50 distinct ECUs—short for electronic control units—that are all networked together. Cars have relied on on-board computers for some three decades, but for most of that time, the circuits mostly managed low-level components. No more. Today, ECUs control or finely tune a wide array of critical functions, including steering, acceleration, breaking, and dashboard displays. More importantly, as university researchers documented in papers published in 2010 and 2011, on-board components such as CD players, Bluetooth for hands-free calls, and “telematics” units for OnStar and similar road-side services make it possible for an attacker to remotely execute malicious code.
The research is still in its infancy, but its implications are unsettling. Trick a driver into loading the wrong CD or connecting the Bluetooth to the wrong handset, and it’s theoretically possible to install malicious code on one of the ECUs. Since the ECUs communicate with one another using little or no authentication, there’s no telling how far the hack could extend.
We are not there yet but these researchers have demonstrated some nasty stuff – remotely controlling the braes or the steering wheel. As with any hacking job, it helps a lot to have physical access to the car. But that is relarively easy to do. Such as during a service appointment.
No need for the bad guys to put a bomb under the car. Just get a mechanic to allow them to program the car’s computers to jerk the steering wheel hard to the right when the car is at 70 mph.
Perhaps something like this. So, former high officials in the government say it was possible, and now we have researchers demonstrating how the computers might be hacked. Time to become really paranoid. Especially if you are a reporter attacking government secrets.