Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Wireless Hacking Study Shows Vulnerability Of Vehicle Software Systems

Fortify : 07 September, 2010  (Technical Article)
Fortify urges car makers to build security into the ever-increasing amounts of code used in on-board vehicle computers preventing potential drive-by attacks of vehicle locking and ignition systems providing easy access for car thieves
Research from the University of California San Diego and the University of Washington - and which concludes that modern cars are susceptible to wireless hacking - is the result of a security issues being ignored at the car electronics software design stage, say Fortify Software.

And, says the software security assurance specialist, with the latest cars now coming with as many as 50 or more interconnected computer systems - controlling everything from the brakes to the door locks and ignition system - now that the vehicles are becoming wirelessly-enabled, they are a lot easier to electronically hack into.

'It's interesting to see that the researchers have identified that most cars built since the late 1990s have a computer diagnostic port, since this port needs direct physical access to operate and therefore hack,' said Barmak Meftah, Fortify Software's chief products officer.

'But now these systems are being wirelessly enabled and held together with several tens of megabytes of code, it's a relatively small step to modify the code and allow hackers an easy - and wireless - back door into a car's computer system,' he added.

This was, says Meftah, no theoretical exercise, as the researchers were able to load new firmware onto their own circuitboard and, by plugging the board into the car's internal network, translate the data flowing between the vehicle and a laptop.

This reverse engineering process allowed the researchers to develop a customised vehicle network interface and effectively take control of the car's electronic nervous system.

So far, so normal, the Fortify chief products officer says, but the killer hack was when the researchers were able to generate network commands wirelessly from another car.

'In theory this will eventually allow a wireless drive-by attack on the firmware of a car, to the point where it's central locking and ignition protection systems can be disabled. A professional thief can then saunter up, open the car and simply drive off,' he explained.

According to Meftah, car manufacturers should have foreseen the development of hacking attacks on their vehicle computer systems and built security safeguards into the firmware to stop this type of electronic hacking.

'It's all very well saying that the manufacturers should enhance the security of their car computer networks and the protocols used, but this potential fiasco could be have been avoided if car developers had built security in from the ground up on a vehicle's electronics systems,' he said.

'That way, if someone were to hack into the electronics, the car's central nervous system would realise it was under attack and take appropriate action, such as immobilising the vehicle,' he added.

'When you consider the high standard of IT defences that a typical office server has built in, it seems strange that something like a car - which costs ten times the price of a server, and then some - does not have similar levels of protection.'
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo