Monday, June 2, 2014

Your car is a giant computer - and it can be hacked

Imagine driving down the highway at 70 miles per hour, when suddenly the wheel turns hard right. You crash. And it was because someone hacked your car.

It's not far-fetched science fiction. It's the near-term future today's hackers are warning about.

Most people aren't aware their cars are already high-tech computers. And now we're networking them by giving them wireless connectivity. Yet there's a danger to turning your car into a smartphone on wheels: It makes them a powerful target for hackers. Interviews with automakers, suppliers and security advisers reveal a major problem with the new wave of "connected" cars: The inside of your car has ancient technology that presents a security risk.

The 50 to 100 tiny computers that control your steering, acceleration and brakes are really dumb. They rarely conduct authentication, checking whether that message is really coming from you. An outsider can send them commands. The computer code in cars is outdated. It's similar to the on/off switches used in industrial controls. It's easily manipulated.

Much like the human central nervous system, every electronic part inside a car is connected to a central spine. Tap one part, you can likely reach any other. "The protocol and internal parts of the car were never meant to be connected to anything," said Joe Klein, a researcher at security firm Disrupt6.

Cars' computers were built safely enough back in the 1990s, when the car was a closed box. But their architecture won't hold up as we hook them up to the Internet.

Consider the level of complexity of modern day cars -- and the chance for a screw up. The space ship that put humans on the moon, Apollo 11, had 145,000 lines of computer code. The Android operating system has 12 million. A modern car? Easily 100 million lines of code.

"Auto manufacturers are not up to speed," said Ed Adams, a researcher at Security Innovation, a company that tests the safety of automobiles. "They're just behind the times. Car software is not built to the same standards as, say, a bank application. Or software coming out of Microsoft."

The nightmare scenario: Hackers access your car's core controls by breaching its Internet-connected entertainment system and tamper with your brakes. Hackers have already proven that scenario can happen. Security engineers Charlie Miller and Chris Valasek demonstrated last year how they could hijack control of a car by connecting laptops to the dashboard.

But cars are going wireless. The next generation of Audi and Tesla (TSLA) automobiles are connected to the AT&T (T) network. Wires won't be needed to hack them.

Read Full Story