Apparently security researchers have been able to do a proof of concept attack on a car’s electronic systems with a crafted digital music file. Modern cars rely a lot on electronic control systems, and software, and it continues to increase. This represents a very real danger even if some the experts quoted in the article feel that it is unlikely. There will always be somebody curious enough, and smart enough to figure out a hack, and then package it up in an easy to use tool.
I think I’m going to start a company that sells firewalls and antivirus scanners for cars.
But in the future, will you still have that option? The software and network are in the cars now, and in the future. That won’t disappear. Bluetooth and remote control systems like OnStar are becoming standard equipment rather than optional features. This provides avenues of attack on your vehicle even if you don’t want or use them. You might be able to physically disconnect them, but then again, if they become integrated with the rest of the modules used to actual provide control of the car, that may not be possible without compromising the ability of the car to actually function.
As far as music files go, I bet we will have that option, simply because an analog input is cheap and useful — and earphone jacks on music players will always be analog outs.
As for other kinds of attacks, no doubt you’re right – and wasn’t there already a case, several years ago now, where a production car shipped with a virus onboard? IIRC it was a virus not relevant to the car per se, but still, there it was.
I’m also wondering about a car-based equivalent of the infamous Sony rootkit from that country album a few years back.
I think car makers have been pretty lax with security (outside of door locks and car alarms), hoping that the traditionally closed and isolated nature of their systems keeps them relatively safe from attack. They’ve already moved to more computerized systems (which happened years and years ago) and those systems are now getting more tightly integrated or coupled. An attack vector like this was bound to crop up sooner or later.
For the past few years, this type of risk has only been in the higher end premium and luxury brands, but soon it will start to trickle down to more basic brands and models.
If anything, I hope this brings more scrutiny to the car makers to begin to provide better security along with all the new features everyone wants.
Lastly, all this tight coupling also makes replacing parts afterwards by yourself nigh impossible, but that’s a different rant.
It’s likely cost, and security of the electronic systems not yet being a big enough issue to overcome that cost savings. I expect that will change in the future design of cars, especially if a major public incident of successful hacking occurs.