magine this grisly scenario: You're driving down the interstate with the cruise control set at the speed limit. Without warning, your car accelerates. The speedometer pushes past 100 miles per hour. Suddenly, the car turns left and crashes into the concrete median....
"Cars basically look like they have for 50 years, but underneath they've changed dramatically," said John D. Lee, a mechanical engineering professor at the University of Wisconsin. "A car is a rolling computer network with 80 to 100 microprocessors and 100 million lines of code."
It's become such a concern that last year, the National Highway Traffic Safety Administration quietly opened up a cyber terrorism department to keep track of software issues that could make cars vulnerable to attack.
Software is entwined with every conceivable system aboard today's vehicles, linking everything from brakes, powertrain and throttle to infotainment, Bluetooth connection and MP3 players.
Connected cars -– or rolling computers -– hold great promise for automotive safety. Human error causes more than 90 percent of the 10.8 million motor-vehicle accidents in the U.S. each year, according to Mitch Bainwol, chairman and CEO of the Alliance of Automobile Manufacturers. Safety developments both inside the car and along the highway could dramatically reduce accidents and fatalities.
But there is a dark side. Experts fear terrorists could launch an attack by breaching security in the software of a particular automaker or, in the years ahead, through the wireless infrastructure being developed to provide information for connected cars.
Critical systems hacked
"Can some 14-year-old in Indonesia shut a bunch of cars down because everything is wired up?" That's the question U.S. Senator Jay Rockefeller posed to a panel of automotive experts during a Senate Commerce Committee hearing last month.
The short answer is yes. Researchers from the University of Washington and University of California-San Diego hacked into an ordinary, mid-priced, late-model sedan available to any consumer. They unlocked car doors, eavesdropped on conversations, turned the engine on and off and compromised critical vehicle systems.
In a follow-up experiment, the researchers, affiliated with the Center for Automotive Embedded Systems Security, breached all sorts of security measures, uploading malware from a doctored CD and obtaining "full control" over the sedan's telematics unit by calling the car's cell phone, according to their research.
They also compromised a Pass-Thru device, which helps auto technicians diagnose problems, which allowed them to subsequently connect to every car that later was plugged into that device. This was particularly troublesome, because it meant hackers could infiltrate more than one car from a single entry point.
"We demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input –- including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on," the CAESS researchers wrote.
Another daunting conclusion that presents complications for crash investigators: The researchers successfully attacked the car's telematics unit in a way that "will completely erase any evidence of its presence after a crash."
Since the studies were completed, in 2010 and 2011, much has changed, and not necessarily for the better.
Wireless multiplies potential risks
Automakers are now wirelessly updating software. Customers can use services like OnStar's RemoteLink to unlock their doors and monitor their cars on their iPhones. Researchers are beginning to connect cars both with one another and through smart infrastructure that will help govern self-driving cars. All these wireless transactions multiplies risk....
-bth: this threat is very real.