Car hacks loom as autos go wireless

Pretty soon cars could be warning one another of driving hazards that drivers aren’t observant enough to avoid. That’s the hope of the Connected Vehicle Trade Association, a group exploring the potential benefits of two-way car communications using GPS and wireless technologies.

The undertaking sounds potentially beneficial: The experts involved believe that 83 percent of unimpaired vehicle-related fatalities (those not connected to drugs, alcohol, and so on) might be avoided by boosting vehicular intelligence. Still, any technology capable of transmitting personal data — in this case, auto-related information — and controlling our cars could be abused by hackers.

[ Download Roger Grimes’s new “Data Loss Prevention Deep Dive” PDF expert guide today! | Master your security with InfoWorld’s interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld’s Security Central newsletter. | Get a dose of daily computer security news by following Roger Grimes on Twitter. ]

One of the first projects being explored and likely coming to your automobile in the next few years is enabling cars to transmit and receive speed and location information via built-in GPS and wireless radio. The goal is to help vehicles avoid collisions on the road by either sending an alert signal to the driver or instructing the auto to take evasive action, such as slowing down or changing lanes.

Again, it’s tough to discount those potential benefits, but it’s also difficult to overlook the fact that this sort of technology can result in potential privacy problems and hacker abuse. Fortunately, some of my concerns were laid to rest after speaking with William Whyte, chief scientist at Security Innovation. He’s a cryptographer who’s participated in developing various vehicle communication standards for years. I could tell that he and his associated standards body are just as concerned about privacy and security as any of us would be.

Whyte informed me of a few more details about car communications. First, the system’s wireless spectrum lives at 5.9GHz and has been reserved for that purpose since 1998. The vehicle communication standard is part of IEEE working group 1609, officially known as the Wireless Access in Vehicle Environments (WAVE). The organization encompasses peer-to-peer, single-hop transient (that is, not stored) transmissions. There are no centralized computers.

Each participating vehicle will broadcast wireless heartbeats or beacon messages that can be picked up by other participating autos. Messages are authenticated, but not encrypted; they don’t need to be because they are intended to be broadcasted and shared by any nearby vehicle. There is no personally identifying information in the WAVE messages, so no one can tell which vehicle is sending a particular message; at least, that capability is not built into the protocol.

Whyte, along with his security subgroup, has been threat-modeling malicious scenarios since the beginning. One such possibility involves hackers introducing false messages into the system to cause an unintended consequence. I could see hacker thieves wanting to abruptly stop a vehicle so that they can take it or rob the passengers.

Whyte’s group is also looking at how to prevent wireless denial-of-service conditions. Due to these types of threats, Whyte and his group are heavily relying on strong cryptography to ensure the validity of packets and the overall safety of the peer-to-peer network.

Of course, some of the built-in privacy characteristics present challenges. Whyte said, “How do you get information on misbehaving vehicles [or other malicious actions that need correction] without a centralized server or service?” The IEEE 1609 working group is working hard to ensure the safety of the system. Field trials involving 2,000 test vehicles begins in 2012.

Will they be able to design a perfectly secure system? Only time will tell. However, I think anyone could spend a few minutes with Whyte and feel confident that we were in solid, well-meaning, and knowledgeable hands. You can read more from Whyte at his Security Innovation blog.

This story, “Car hacks loom as autos go wireless,” was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes’s Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.