Carmakers ignore hacking risk, security expert says
Technical features such as adaptive cruise control, automatic braking, and automatic parallel parking systems make cars smarter and also make them more vulnerable to hacking.
A car safety researcher said the risk appeared to be ignored by automakers.
"There is no security culture," Chris Valasek, director of vehicle safety research at computer security consulting firm IOActive, said in a keynote speech at this week's Department IT security conference in Toronto.
This is a concern, he said, because cars hijacked remotely can cause potential damage.
"Unlike a normal personal computer, if your car is damaged, there is a possibility of physical loss, not just economic loss," he said.
"It is not easy to solve the problem of hitting your car into a pole or braking and causing traffic jams."
In recent years, security researchers at the University of Washington have shown that they can hack cars and start them through systems used for emissions testing, or remotely using channels such as Bluetooth wireless connectivity or cellular radio.
Others say they can break into cars remotely via mobile phones, unlocking the doors and starting the engine through the car alarm system.
After Valasek and his research partner, Twitter security engineer Charlie Miller, demonstrated that a laptop in the car could be used to disable braking and power steering and confuse the GPS and speedometer, they started trying a remote attack.
He said that although there have been no attacks on the public so far, he expects that this situation will change with the increasing popularity of high-tech features.
Technical features in cars greatly increase the number of potential targets for would-be car hackers.
"Technology is driving car sales," he said. He pointed out that GM's commercials in the U.S. advertise the Wi-Fi function in their cars.
On Thursday, Ford announced a new technology, starting in 2015, that will use radar and camera technology to detect pedestrians and brake automatically.
Automatic braking systems and adaptive cruise control, which speeds up or slows down the car in response to the vehicle in front of you, are already installed in "more cars than you think," Valasek said in an interview after the talk.
He suggested that for state leaders and others who may face targeted attacks, it is not too early to consider the security risks of their car's technical features.
"Ordinary consumers don't worry too much ... As these become more common in all vehicles, it is indeed possible for us to see public attacks."
Valasek showed in his speech how insecure technology built into the design of car networks makes them vulnerable to hacking.
The communication between the software and the brake and steering systems is designed so that, for example, if a system receives a message it understands that tells it to brake, it will comply.
"It doesn't ask where it came from or who sent it."
Researchers have shown that these messages can be sent through other systems in the car that do not directly control it, such as the Bluetooth connection, remote keyless entry, or infotainment systems.
In turn, these may be used to indirectly hijack the control systems of the car.
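The design point above, a control unit that obeys any well-formed command without checking its origin, contrasted with a receiver that verifies a keyed MAC and a freshness counter before acting. This is an added example, not code from the article or from any carmaker; the frame layout, command code, tag length and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; a real key would be provisioned per vehicle
BRAKE = 0x01                   # hypothetical command code
TAG_LEN = 8                    # truncated MAC length, an assumption for short frames


def naive_receiver(frame: bytes) -> bool:
    """Behaviour the article describes: act on any command that parses."""
    return len(frame) >= 1 and frame[0] == BRAKE


def make_frame(cmd: int, counter: int, key: bytes = KEY) -> bytes:
    """Sender side: command + increasing counter + MAC over both."""
    body = struct.pack(">BI", cmd, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class AuthenticatedReceiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 5 + TAG_LEN:
            return False                      # unsigned or malformed frame
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # sender does not hold the key
        cmd, counter = struct.unpack(">BI", body)
        if counter <= self.last_counter:
            return False                      # replay of an earlier frame
        self.last_counter = counter
        return cmd == BRAKE


def demo() -> dict:
    rx = AuthenticatedReceiver()
    genuine = make_frame(BRAKE, 1)
    forged = make_frame(BRAKE, 2, key=b"not-the-vehicle-key")
    return {
        "naive_accepts_unsigned": naive_receiver(bytes([BRAKE])),
        "auth_rejects_unsigned": not rx.accept(bytes([BRAKE])),
        "auth_rejects_forged": not rx.accept(forged),
        "auth_accepts_genuine": rx.accept(genuine),
        "auth_rejects_replay": not rx.accept(genuine),
    }
```

Every entry returned by `demo()` is `True`: the naive receiver acts on a bare command byte, while the authenticated receiver rejects unsigned, wrongly keyed and replayed frames and accepts only the fresh, correctly keyed one.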
Valasek said the challenge is that the insecure messaging systems in cars are often standardized and are required by law for purposes such as emissions testing.
At the same time, he added, automakers often say nothing about what they do to mitigate the risks of such systems.
As far as he knows, they have not yet developed any means to detect attacks.
Toyota says it protects its cars through a firewall, but Valasek says a similar simple solution has proven ineffective in protecting PCs.
He is also concerned that, other than sending letters to customers by mail and asking them to drive to the dealer for service, automakers lack systems to distribute security patches or upgrades to cars.
He suggested that customers who spend the next month "working an hour a day, picking up children and walking dogs" will not go in for the service.
Valasek likened car manufacturers to the information technology industry of an earlier era, saying they have not learned from the mistakes software makers made in the past.
"Now," he said, "security seems to be an afterthought."
Part of the reason, he admits, may be the lack of transparency and the reluctance of automakers to talk about safety.
John Proctor, a Canadian network security expert and the president of global cybersecurity at CGI, a Canadian IT consulting firm, disagrees.
"Car companies are actually very concerned about safety," he told CBC News.
His company works with Volvo as a "certificate authority" to ensure that the personnel and equipment communicating with Volvo vehicles have the correct certificates.
For example, when they take the car to the dealer to install the software patch, it is an authorized computer that talks to the car.
He suggested that car companies have done risk analysis and are designing their cars accordingly.
"It comes down to: how safe do they need to be?"
Proctor believes that the risk is low, because so far, car hacking demonstrations have usually been carried out in very, very controlled situations that are almost labs.
He agreed with Valasek that technology was related to car sales. "Could they [manufacturers] make them absolutely safe?" he asked. "Yes. However, the car will not communicate via Bluetooth and will not communicate with Wi-Fi, your phone can't connect and people won't buy it either."
Proctor said other car companies have recently been asking CGI for help establishing communication security for their vehicles, which he admits is not easy.
"It will take six months for one of our guys to speed up."
Valasek himself thinks the attitude of carmakers may change.
He noted that GM appointed a chief cybersecurity officer in September.
At the same time, he said car buyers should not be too worried before choosing a car with automatic braking or other anti-collision systems.
"Compared to being used against you in an attack, the chances of these things saving your ass are two separate purposes.
These things will definitely make you safer, not less safe."