War with computer hackers hits the road

The computer industry has battled hackers and destructive software viruses for years. That battle is now spreading to vehicles.

The menu of future electronic features currently being studied by automakers--everything from Internet-based data and entertainment to car-to-car safety communications--has a dark shadow. Any one of them is a potential open window to computer hackers, says Georg Doll, senior director of automotive solutions at Wind River, the automotive software arm of Intel.

'New vulnerability'
"A new vulnerability is opening up," says Doll. "One security threat is that a potential attacker gets control of the car's electronic control unit, or ECU. All the units are connected. You could do something like apply the brakes to a single wheel, and the rest of it you can imagine.

"The second one would be someone seeking personal information about the driver or of people who are using the car."

Wind River creates the unseen "system platforms" that allow cell phones, navigation systems, display monitors, the Internet, and vehicle control systems to talk to each other. The company announced recently that it is working with McAfee, the company that protects PCs against malware, such as viruses, spam, and Trojan horses, to develop a malware system for autos.

Last year, police in Austin, Texas, arrested a 20-year-old former auto dealership employee who allegedly hacked into 100 privately owned vehicles, deactivated their electric starters and GPS systems, triggered their horns, and altered their registrations.

McAfee and other computer diagnostics service firms have a vested interest in alerting vehicle owners that they are at risk. But Doll says the alarm is legitimate.

"The entertainment system is as connected to the car as the brakes," he says. "Advanced systems today get information about the street from the navigation systems. Navigation runs on the same system as the multimedia applications. If someone attacked the navigation system, he could get access to the full car."

Researchers at the University of California in San Diego and the University of Washington agree. The team published a paper in August warning that there are plenty of chinks in the automobile's armor.

Among their realistic scenarios:

-- A virus enters the vehicle though a downloaded piece of music and interferes with controls.

-- A hacker attacks the car using the same wireless frequency as its remote keyless entry.

-- Hackers reach into vehicle control units by long-range broadcast, using the auto's global positioning system as a receiver.

Those scenarios are based on existing vehicle technology. The next three to four years will likely see a surge in Internet-based features, like the practice of storing a vehicle's music libraries and appointment calendars on the Internet, rather than on chips inside the car.

It is an area the industry's high-tech suppliers are trying to contain, says Danny Shapiro, director of automotive at Nvidia, a Santa Clara, Calif., supplier of graphics processing units for BMW, Audi, Volkswagen, Mini, and other automakers.

"We're asking, what are all the things that could go wrong, and how can we safeguard against them?" Shapiro says.

Learning from the past
But he sounds an optimistic note: "We've learned from the PC experience. PCs seem to face a new virus threat every six months. But those are open systems. Vehicles are closed systems. There will be a higher standard for the software and features that go into them. It will be self-imposed, or it may have to be regulated.

"We're never going to be able to make it 100 percent bulletproof," he says. "But we can make it superchallenging. The stakes are higher. Think of the social, legal, and financial liability issues if things get compromised and there's an accident."

(Source: Automotive News)