2/9/2015
02:06 PM
Eric Zeman

Smart Cars Vulnerable To Security Hacks, Report Finds

A US senator's report finds that carmakers are leaving vehicles open to intrusive attacks that can steal personal data and take over controls.

Putting computers and wireless connections into cars has left them wide open to hackers, a lawmaker claims. Hackers can access car computers to take remote control of vehicle functions and lift the owner's data.

This is a problem.

"Many in the automotive industry really don't understand what the implications are of moving to this new computer-based era," said US Sen. Edward Markey (D-Mass.).

Markey based his conclusion on data provided by more than a dozen auto manufacturers. He polled them about the technology built into their cars and the protective measures keeping them secure. It turns out there's not a lot of security to talk about. Only two automobile manufacturers polled were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most said they rely on technologies that cannot be used for this purpose at all.

"No longer do you need a crowbar to break into an automobile," said Markey, during an interview on CBS This Morning. "You can do it with an iPad."

Researchers turned Markey on to the subject. They were able to demonstrate how an iPad-equipped hacker can seize control of car functions such as the horn, acceleration, headlights, speedometer, and gas-gauge readings -- even the steering wheel. Clearly such open access is a threat to life and property.

(The report did not single out Ford, but the type of technology companies are putting into cars leaves a lot of questions.)

How is this possible?

Most new cars ship with dozens of on-board computers used to control various functions. While cars have had GPS inside for more than a decade, many now also include NFC, Bluetooth, tire-pressure monitors, keyless entry, WiFi, and LTE 4G. Hackers can take advantage of these insecure entry points to access the car's computers.

While it's unsettling to think that hackers can cause accidents, Markey's report also points out that carmakers are collecting a lot of personal data about owners.

Information such as where cars are stored and driven, how the owner drives the car, how the infotainment system is used, and more is being harvested by the carmakers. The timeframe manufacturers store this data within the car varies widely. The reasons behind collecting it are vague at best. One thing is certain: carmakers aren't advertising their data collection policies on promotional materials about their cars. Worse, consumers can't opt out. Markey wants far more transparency in this respect.

The manufacturers' responses "reveal there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to collect and use personal driver information," according to the report. "There really aren't any clear guidelines on the books."

There's little consumers can do at the moment. With no safeguards in place, everything is left open. While the industry is working to create standardized protection schemes for new models, cars already on the road are at risk.

Eric is a freelance writer for InformationWeek specializing in mobile technologies.
Comments
passiotech
User Rank: Apprentice
3/19/2015 | 4:42:15 AM
Smart Cars Vulnerable To Security Hacks
I believe that the true solution to this problem is to segregate the critical systems from non-critical ones, and automobile companies should issue proper guidelines to their customers. They need to make sure that people are made aware of the security features. Companies should come forward and arrange free knowledge-based camps where customers can learn about how to keep their car's system secure.
TerryB
User Rank: Ninja
2/10/2015 | 1:16:26 PM
Re: Sixty Minutes?
Exactly. NBC News showed a demonstration of overriding the brakes also, independent of those DARPA guys that 60 Minutes was about.

This is crazy connecting those types of car systems to remote access. Sounds like they piggyback on the cell service used to make emergency calls if you wreck. But why those can't be isolated from the systems that control car function makes no sense whatsoever. There is also no reason to be able to open your door or start your car from a freaking phone! It's like anything that CAN be done technically is getting done with no thought to the ramifications.
MichiganJeff
User Rank: Apprentice
2/10/2015 | 10:13:11 AM
New cars, new problems
Makes me kinda glad that my primary vehicle is a 1995 Chrysler convertible. lol Not only can I still work on it, it doesn't have all of today's drive-by-wire features. Unfortunately, the same probably can't be said about my 2005 Chevy truck with OnStar (even though I'm not subscribed at the moment).
GonzSTL
User Rank: Strategist
2/10/2015 | 9:04:34 AM
Re: smart cars
Information Technology does not change simply because it takes the form of automobile systems. There is no reason why car IT systems should be treated differently than business IT systems. From the different reports I've read regarding automobile IT, the one most glaring mistake is the lack of proper segmentation between critical systems and convenience functions. These advanced IT systems in automobiles are being developed at a time when breaches of business IT systems are almost an everyday occurrence. That is completely inexcusable.

What comes to mind is the rush to delivery, to be the first one to implement the latest and greatest whiz bang technology designed to enhance the comfort level of the automobile occupants. While that's all fine and dandy, it should not come at the expense of security. In everyday news, we often hear about terrorist activities, of mass bombings, massacres, etc. Imagine a two ton vehicle whose IT systems have been compromised and controlled remotely, hurtling towards a crowded plaza, or a building in the downtown area of any city. A guided missile, if you will. Or maybe just some hacker who gets a thrill from simply taking over an IT system, controlling an automobile to fulfill whatever whim they have, whether or not they can see the vehicle they are controlling.

While organizations work hard to implement proper IT security, automobile manufacturers should take note and follow suit. Vehicle IT systems are no different at the core; both rely on computer and networking technology governed by operating systems and software applications, and therefore share the same fundamental vulnerabilities. IT security should be built in during the entire life cycle, and not patched in as an afterthought.
Joe Stanganelli
User Rank: Ninja
2/10/2015 | 1:20:03 AM
FTC, too
On top of the FTC's recent report criticizing IoT security, it appears that the government is finally starting to pay attention.

But boy does it act slowly. That FTC report? Based largely on a meeting that took place in 2013. IoT tech has advanced significantly since then (although it's still not secure enough, to be sure).
Li Tan
User Rank: Ninja
2/10/2015 | 12:41:04 AM
Re: smart cars
This is always a conflict - the smarter a car is, the more complex it becomes. Then there is more chance of vulnerabilities. For a car, it's really threatening, especially if the hacker took control - the driver will be easily shot...
jamesmark
User Rank: Apprentice
2/9/2015 | 5:32:10 PM
Re: smart cars
The smarter the car, the more vulnerable it is, I think...
SamRay
User Rank: Strategist
2/9/2015 | 3:34:30 PM
Sixty Minutes?
Is this what Sixty Minutes was talking about and demonstrating yesterday?
Stratustician
User Rank: Ninja
2/9/2015 | 3:27:20 PM
Re: smart cars
It's a scary thought. I'm curious to see if we will see more carmakers at least introducing default encryption to protect these cars. While nothing will ever be foolproof, at least it's a start!

Sadly, vendors often move ahead with functionality without ensuring the right back-end controls are in place.
Ariella
User Rank: Author
2/9/2015 | 2:26:51 PM
smart cars
"No longer do you need a crowbar to break into an automobile," said Markey, during an interview on CBS This Morning. "You can do it with an iPad."

That's a great quote. And the iPad can actually cause more long term damage, as we see from all the security breaches that make the news regularly.