Increasingly sophisticated onboard computers may put cars in danger of cyber attacks
Worrying about hackers breaking into your laptop and cell phone is bad enough, but soon your car may be vulnerable, too. With each new model year, the automobile becomes less a collection of mechanical devices and more a sophisticated network of computers linked to one another and to the Internet. Earlier this year a group of researchers proved that a hacker could conceivably use a cell phone to unlock a car’s doors and start its engine remotely, then get behind the wheel and drive away. In work presented in March to a committee of the National Academies, Stefan Savage, a computer science professor at the University of California, San Diego, and Tadayoshi Kohno of the University of Washington, placed malicious software on an unspecified car’s computer system using its own Bluetooth and cell phone connections. The software could have been used to co-opt the car’s computer system, including its engine. The research “shows the need for security measures in vehicular onboard networks,” says Olaf Henniger, a researcher at Germany’s Fraunhofer Institute for Secure Information Technology.
Henniger and his colleagues are working to create just that. He is a member of EVITA, an effort that was launched in 2008 with the help of BMW Group, Fujitsu and others to develop a security blueprint that carmakers can follow to build more secure onboard networks. The project, which is scheduled to wrap up at the end of the year, has already developed prototypes that would encrypt or authenticate data exchanged within the car, with other cars and with equipment on roadways.