The December 2022 issue of IEEE Spectrum is here!

Close bar

How Secure Is Your New Car? About the Same as Your PC

Multiple Ports Of Entry To Hack Into Cars Available

2 min read
How Secure Is Your New Car? About the Same as Your PC

This week at the 31st IEEE Symposium on Security & Privacy, a paper will be presented by researchers from the Center for Automotive Embedded Systems Security (CAESS) titled, "Experimental Security Analysis of a Modern Automobile" that says they have demonstrated:

"that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input— including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on."

The researchers also say that an attacker can embed "malicious code in a car’s telematics unit and that will completely erase any evidence of its presence after a crash."

The researchers from CAESS -  a collaboration between researchers at the University of California San Diego and the University of Washington with a mission to help ensure the security, privacy, and safety of future automotive embedded systems - wanted to provide solid, experimental data, not just theoretical results, on what could happen during a hacking attack.

Not to put to fine a point on it, the researchers, whose work was supported by funding from the National Science Foundation, say that while automotive manufacturers have spent a lot of time worrying about car safety, the priority of car IT security may need to be raised a tad.

In a New York Timesarticle last week, one of the researchers, Professor Stefan Savage, a computer scientist at UCSD, was quoted as saying,

 "... you should expect that various entry points in the automotive environment are no more secure in the automotive environment than they are in your PC."

Hmm, makes me wonder how soon it will be before your car dealership starts offering you a yearly subscription to virus protection software for your car. 

Hacking into cars' electronic systems is not new, of course. Almost since car electronic systems have appeared, people have been tying to exploit them, for instance, by hacking into cars' wireless key systems or into cars' ECUs to boost engine output. Hacking GM's On-Star system seems especially popular.
You can read more about the use of software in cars in an article I wrote last year for IEEE Spectrum here.

The Conversation (0)

We Need More Than Just Electric Vehicles

To decarbonize road transport we need to complement EVs with bikes, rail, city planning, and alternative energy

11 min read
A worker works on the frame of a car on an assembly line.

China has more EVs than any other country—but it also gets most of its electricity from coal.

VCG/Getty Images

EVs have finally come of age. The total cost of purchasing and driving one—the cost of ownership—has fallen nearly to parity with a typical gasoline-fueled car. Scientists and engineers have extended the range of EVs by cramming ever more energy into their batteries, and vehicle-charging networks have expanded in many countries. In the United States, for example, there are more than 49,000 public charging stations, and it is now possible to drive an EV from New York to California using public charging networks.

With all this, consumers and policymakers alike are hopeful that society will soon greatly reduce its carbon emissions by replacing today’s cars with electric vehicles. Indeed, adopting electric vehicles will go a long way in helping to improve environmental outcomes. But EVs come with important weaknesses, and so people shouldn’t count on them alone to do the job, even for the transportation sector.

Keep Reading ↓Show less