Danger! Hackers Can Pwn Your Car

If you think that texting while driving is your biggest vehicle-related tech concern, a new report from McAfee may make you think twice. It seems that with each passing model year cars get more and more high tech. Unfortunately, the benefits of the technology come with increased risk that hackers can find and exploit security holes and wreak havoc with your car.

The car used to be a purely mechanical contraption. Now there are onboard computers and embedded systems that constantly monitor and adjust various aspects to optimize power and fuel efficiency. Power seats, anti-lock braking systems, electronic stability controls, GPS navigation, communication systems and more all rely on software. We even have vehicles now that will automatically stop even if you don’t react fast enough, or that can parallel park to squeeze your car into tight spots without your help.

The thing with software, though, is that it is imperfect. Hopefully the developers do everything within their power to write secure code and ensure there aren’t any obvious holes, but software is complex and it is virtually impossible to validate every possible use case and scenario. Eventually, a hacker will stumble upon a vulnerability in the software systems of your car, and that is when the danger begins.

“The auto industry is experiencing a convergence of consumer and automotive electronics. Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities,” said Georg Doll, senior director for automotive solutions at Wind River.

McAfee teamed up with Wind River and ESCRYPT to examine the issue in-depth. The resulting report– entitled “Caution: Malware Ahead“–provides a sobering analysis of the risks posed by software systems in vehicles. A hacker with could exploit software vulnerabilities in your car to perform a variety of activities ranging in impact from mischievous to deadly, such as:

Remotely unlock and start car via cell phone

Disable car remotely

Track a driver’s location, activities and routines

Steal personal data from a Bluetooth system

Disrupt navigation systems

Disable emergency assistance

“As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases,” said Stuart McClure, senior vice president and general manager, McAfee. “Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”

Intel bought McAfee with the security of these types of embedded systems in mind. Network and computer security, and anti-malware are still very necessary, but the world is quickly evolving. Intel wants to be on the forefront–driving those changes–and it recognizes that security is a critical element to ensure we can rely on the benefits of these new technologies without taking unreasonable risks.