The malicious car that murders its driver — a la Stephen King’s “Christine” — used to be mere urban legend. However, the high-tech automobiles of tomorrow could make the nightmare a modern-day reality.
Digitized vehicles — which include features like anti-lock brakes, automatic seatbelts and automatic door locks — are becoming increasingly popular. Because of this, a research group including computer-science graduate student Steve Checkoway is concerned that computer hackers may be able to gain remote access to such vehicles. The more wireless network technology advances, the more gateways for remote access will open for hackers to exploit.
“As cars become more connected to the outside world, the attack surface will increase,” Checkoway said.
To test the possibilities of remote manipulation, researchers developed CarShark — a software program that observes, takes apart and inserts code, into car computers. This way, they can test how easy it will be for unauthorized individuals or technology, to command a car’s functions.
“[CarShark] was written by us to interact with the various computers in the car,” Checkoway said. “It was developed incrementally, adding functionality as the need arose.”
To test CarShark, the researchers connected a digitized car to a laptop. Another laptop was used to wirelessly link and control the original laptop running CarShark — enabling the hacker to remotely access the vehicle’s many functions.
Initially, the researchers thought they would have to locate specific vulnerable points before hacking the car. However, they were able to adjust the car’s functions simply by inserting random codes into the car to see how it would affect the system. If the computer systems had been secure, the insertion of random codes would not have affected the car in any way. The results demonstrated that computerized cars are insecure — extremely easy to damage and attack.
The extent of potential manipulation ranged from mere annoyances — such as unlocking all doors or popping the trunk — to more immediate danger, like killing the engine.
According to Checkoway, executing this type of attack would requires a high level of computer proficiency in a field most hackers are still unaware of. Checkoway stressed that current vehicles currently on the market do not yet have the technological features to be at risk — the research was performed on future generations of automobiles, which will rely on digital technology as their main source of control.
“We don’t believe that car owners should be overly concerned at this time,” Checkoway said. “The benefits of having modern, computerized cars far outweigh the dangers posed by the attack. For example, anti-lock brakes, stability control, seatbelts that predict crashes and tighten preemptively and automatic notification of first responders in the event of a crash are just a few of the many benefits computerized cars offer.”
Checkoway said it’s unlikely an infallible defense against car hacking will be created as there are so many possible modes for attack. He said that cars are increasingly integrated with computers, new security holes are created.
However, he added that the research group has informed undisclosed automobile manufacturers about the vulnerabilities of computerized automobiles.
“Before going public with this information, we disclosed the vulnerabilities to all of the relevant stakeholders,” Checkoway said.“The response we received has been very positive.”
Readers can contact Jerry To at [email protected].
