As if worrying about the vulnerability of your PC and smart phone to hackers were not enough, could your car be the next target? Maybe not today, but engineers are transforming automobiles from a collection of mechanical devices crowded around a combustion engine to a sophisticated network of as many as 70 computers—called electronic control units (ECUs). These computers are linked to one another and to the Internet, making the car a mini mobile data center susceptible to many of the same digital dangers—viruses, denial-of-service attacks, etcetera—that have long plagued PCs and other networked devices.



ECUs manage supercritical, real-time systems such as steering, air bag deployment and braking as well as less critical components including the ignition, lights and infotainment console. Software (sometimes up to 100 million lines of code) tells these ECUs what to do and when to do it. ECUs tend to share networks when they communicate with one another. This makes it easier to control more networked gadgets (GPS, MP3 players and more) from the same place, such as the center of the steering wheel. The problem comes when infotainment and other nonessential components share the same network with the brakes, steering and other safety-critical devices.



So says a group of researchers who claim that earlier this year they proved a hacker could, among other things, conceivably use a cell phone to unlock a car's doors and start its engine remotely, so he or she could then get behind the wheel and drive away. Stefan Savage, a computer science professor at the University of California, San Diego, and Tadayoshi Kohno, an assistant computer science and engineering professor at the University of Washington in Seattle, inserted malicious software onto a car's computer system using its Bluetooth and cell phone connections. (They decline to specify which brand of car.) They presented their work in March at the National Academies Committee on Electronic Vehicle Controls and Unintended Acceleration.



Savage, Kohno and their colleagues have for the past few years studied cyber attacks against automobile networks. Earlier experiments used a laptop plugged into the federally mandated On-Board Diagnostic system (OBD–II) port under a test car's dashboard to take control of its ECUs to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver's actions (pdf).



This research "shows the need for security measures in vehicular onboard networks," says Olaf Henniger, a researcher at Germany's Fraunhofer Institute for Secure Information Technology. "Wireless communication can be eavesdropped, jammed or relayed, and automobile security measures are necessary."



Henniger and his colleagues are working to create just that. He is a member of Europe's E-Safety Vehicle Intrusion Protected Applications (EVITA) project, launched in July 2008 with the help of BMW Group, Fujitsu and others to develop a security blueprint that carmakers can follow to build more secure onboard networks. The project, scheduled to wrap up at the end of the year, is focused on protecting vehicle-to-vehicle and vehicle-to-infrastructure communication designed to prevent traffic accidents. Researchers have already created prototypes of specialized hardware security modules that would encrypt or authenticate data exchanged within the car, with other cars and with the equipment on the roadways themselves. A follow-up project launched in February called Preparing Secure Vehicle-to-X Communication Systems (PRESERVE) will use EVITA's specifications to create standardized security hardware that would be less expensive to implement.



Whether car companies are willing to invest in the additional security remains to be seen, says Anup Ghosh, a research professor and chief scientist at George Mason University's Center for Secure Information Systems. Automotive engineers have limited budgets just like everyone else, and it is easier and less expensive to have multiple devices plug into shared networks, he adds.



Many manufacturers say their vehicles are already safe. Ford, whose SYNC system was co-developed by Microsoft and introduced in 2007, has a built-in firewall to protect against network attacks and separates its vehicle control network from its infotainment network, says Rich Strader, director of Ford's Information Technology Security and Strategy practice. SYNC also uses encryption and wireless security protocols, and the car company encodes its software updates so that SYNC knows these updates are coming from a trusted source rather than a hacker, according to Strader.



Mobile apps that can be downloaded to smart phones for remotely starting a vehicle's ignition, unlocking doors and other functions are also seen by some as a potential cyber security threat. Once that phone is paired with the car via Bluetooth, it becomes a part of the car's network, Ghosh says. If a hacker were to get control of that phone (perhaps through a virus downloaded from the Web), that person might then be able to gain access to the vehicle to which the phone is paired, he adds.



As a security measure, GM's OnStar MyLink is a mobile application that never communicates directly with the car, says Vijay Iyer, director of public affairs and corporate communications for OnStar. Instead, the app connects to OnStar's network, which requests user authentication via a PIN. If approved, the network then communicates with the car to perform functions such as unlocking doors or starting the ignition.



Savage, Kohno and their colleagues have been careful to point out that their success was the work of several years of experimentation and does not mean that cars are suddenly vulnerable to network attacks. Still, it seems the unending chess match between hackers and security programmers has found a new playing field.