Computer Security for Automobiles… We Need It!

Like everything else, our cars are becoming computer controlled. And, like everything with computers inside; people are hacking them so they do different things than they were expected to.

Recently, researchers from Rutgers University and University of South Carolina discovered that the wireless communications between cars and their tires can be captured, intercepted and even forged at distances of up to 40 meters. So, here you are, driving along, late at night, the dashboard lights up and all 4 tires suddenly show ‘low.’ You pull over to see if you ran over a box of nails or something like that. But, when you stop, a guy with a little black box is waiting for you.

Sound crazy? Maybe… But it can happen… Tonight.

In the slightly less SciFi movie category, someone with the right skills, can over ride your car’s remote, turn off the alarm, unlock your car, and be gone in no time. Today. In fact, we pay extra for all but the ‘gone in no time’ part. There are services that will allow a remote agent to turn off the alarm and unlock your car if you lose your keys or leave them inside. The problem is that others may be able to as well.

While there are standards and requirements for the security of systems that handle personal information like your social security and credit card numbers, there aren’t any standards like this for the electronics and computers in your car.

There are other, not so obvious, things to consider as well. Security standards generally require that systems perform self-tests for integrity and function before they are permitted to operate. For systems like anti-lock breaking and air-bag deployment, this is important.

Even if the manufacturers already do self-tests, part of the security standards process is independent examination and testing of the system to ensure that it works correctly, or can determine that it won’t and then alert the operator. This independent testing would add to the reliability and safety of any car. Most of the materials

Cars are no longer the relatively simple mechanical things they were; they now have more computing power than the first spacecraft that went to the moon. We commit ourselves to them every time we get in and go somewhere. But now we aren’t only committing our safety from a mechanical sense, we are also committing our safety from a security perspective. There are good mechanisms already in place in several standards (FIPS 140-2 and Common Criteria for a start) that can take into account security concerns like hacking as well as integrity and reliability concerns. It’s an option we should all consider along with ABS and the killer sound system.


Steve Weingart