As cars are becoming networks of on board computers connected to the public network they are able to exploit a variety of services available on the Web and be much more efficient in terms of energy consumption by regulating themselves and by coordinating with one another to sort out/avoid traffic jams.
This is made possible by the tremendous growth of processing power that in a luxury car is managing, through 50 to 70 on board computers and 100 MB of code, the internal systems and increasingly the relations with the external world.
Increasingly the computers in a car are getting interconnected one another and the interconnection of some with the external world is a potential gateway to hackers. A research published by the department of computer science at the University of California, San Diego, highlights these potential risks.
The trend towards greater connectivity and the remote access to some of the computers and applications is going to increase the risk of malicious access and tampering. Satellite radios and remote door opening systems are potential entry points. Cars are programmed in such a way that when an accident occurs and the airbag is deployed doors unlock (to ease access to potentially injured passengers). This connection between the car acceident detection system and door locks management could be exploited by malicious parties to gain access to the car.
The research points out that attacks on present car systems can succeed, both as the car is parked and as it is moving. It also points out that some of the approaches used to protect computer systems from attacks are not viable, such as the one of shutting down the computer when an attack is detected. You do not want your car to shut down in the middle of a crossing or when negotiating an overtaking of a truck.
An amazing discover is that most of the computers of the car have some sort of authentication system but apparently they are not using it. It may be time to look more carefully at computers’ car security.
On the one hand, the networked car is creating a new ecosystem for a wealth of applications but as any ecosystem it will also embed some malicious players attracted by suach a wealth and willing to exploit it to their advantage.