Case study: Malware in cars

More than 100 drivers from Texas could be excused for thinking they were truly terribly lucky, or - for the most superstitious of them at least - that their cars were possessed by an evil spirit. That's because in 2010, over 100 customers at a Texas Auto Center dealership found their attempts to start their cars unsuccessful, and worse, their car alarms continued to ring, stopping only after the batteries were removed from their vehicles [source: Shaer].

What seemed to some to be a pure accident and a mechanical breakdown turned out to be the case of a disgruntled employee who turned into a hacker. Omar Ramos-Lopez, fired by a Texas Auto Center, sought revenge on his former employer in Austin, Texas by hacking into a web-based vehicle immobilization system commonly used to shut off cars for people who have stopped making mandatory payments [source: Shaer]. Ramos-Lopez, who was eventually arrested, not only created a lot of chaos and a stream of angry customer complaints, but also pointed out some vulnerabilities in our machines, which increasingly depend on computers, from a skillful and purposeful hacker.

While the Ramos-Lopez attack received a lot of attention, its hack was rather modest compared to the possibilities revealed by analysts from a number of different universities. Indeed, in 2010, researchers at the University of Washington and the University of California, San Diego proved that they can hack into computer systems that control vehicles and remotely control everything from brakes to heat and radios [source: Clayton]. Researchers at Rutgers University and the University of South Carolina have also demonstrated the ability to intercept wireless signals sent by a vehicle's tire pressure monitoring system, allowing hackers to track vehicle movements.

Taken together, these events show that cars are becoming increasingly vulnerable to viruses (also known as malware) introduced by hackers, which continually confuse, frustrate and harm PC users around the world. Obviously, this has real implications for drivers, although the researchers themselves note that hackers have not yet fallen victim to many people. But the consequences are clear.

“If your car is infected, then everything for which the computer is infected is infected. So if the computer controls the windows and locks, then a virus or malicious code can control the windows and locks, ”says Damon Petraglia, director of forensics and information security at Chartstone Consulting and has trained law enforcement officials in computer forensics. "The same goes for steering and braking."

keylogger



More gadgets - more vulnerability

Any mechanic who came of age in the 1960s and 1970s will tell you that modern cars are not like everything they have learned to work on, they are so packed with computers that they seem more like an IT geek's realm than a greasy monkey. And it is certainly true that there are many computers in modern cars, although in general they are not quite the same as PCs. “In cars, processors are much simpler than home computers and are designed to perform simple, specialized tasks,” said Cameron Camp, a researcher at ESET, a technology security company.

Indeed, most cars today have numerous so-called “embedded systems”, which are small computers that control very specific aspects of a car's functioning, such as airbag deployment, cruise control, anti-lock brakes, and power seats. Although these embedded systems have the same architecture as PCs — they use hardware, software, memory, and a processor — they are more like a smartphone than a laptop in complexity. Car computers were more or less protected from hackers and viruses because, unlike PCs, external computers or humans had few ways to connect to car computers.

In general, the introduction of the virus required physical control of the vehicle. “In the past, this would have been difficult because the only way to access a car's computer is through the manufacturer's diagnostic or programming equipment,” says Robert Hills, senior education program manager at the Universal Institute of Technology, which specializes in technical training. and training for the automotive industry. In other words, it would require the mechanic to inject the virus through the computer or software used to diagnose the problem with the car.

Arye Gorecki, another ESET researcher, said the development of viruses for many vehicles is also costly due to the lack of standardization of hardware, software and protocols. “This will make it difficult for an attacker to attack multiple brands and models of cars at the same time,” he says.

But vulnerability to hacking and viruses is growing as car computers become more connected to the outside world. “As more and more cars are interfaced with websites like Pandora and even Facebook, cars are getting two-way communication and are therefore inherently more vulnerable,” says Cas Mollien, information and communications technology strategist at Bazic Blue. With the advent of more entertainment and communication devices, including MP3 and iPod adapters and USB ports, there are more channels for viruses to potentially enter the car.


A glimpse into the not too distant future

How does it work?

Bazic Blue's Cas Mollien says the advent of communication and entertainment devices is not a big deal just yet. “As long as the media interface is separate from the vehicle's control computers, the worst that can happen is that the media equipment malfunctions,” he says. “However, once these two components are connected, the door will be wide open and it is only a matter of time for a smart hacker to find a way to navigate through it. Then we have a problem. "

This problem can spread quickly, literally, as the ability of computers in cars to communicate with each other improves. “Manufacturers are working on this, and future vehicles will likely be able to share information about safety, upcoming driving situations and more,” says Robert Hills of the Universal Technical Institute.

Unsurprisingly, automakers are working on ways to prevent hackers from getting viruses into cars and causing other harm, although details of their efforts are not always available. However, opinions on how dangerous it really is for future drivers are controversial. Petraglia of Chartstone Consulting says it's time to start planning, as this will allow preventive action to be taken before the problem becomes widespread.

But ESET researcher Goretsky does not lose sleep about this. “We always have to worry about the risks every day, whether it's using a computer or driving a car,” he says. "The potential risk of a car getting a computer virus would certainly not stop me from buying it."

Malware in Cars

Alika Tsulygina

 next article