Santa Clara, Calif.-based McAfee Inc. recently released a report on the automotive industry called “Caution: Malware ahead.” While the report didn’t specifically name any incidents that have stemmed from hackers taking control over any aspect of cars, it did suggest that this is a very real possibility, particularly because of how much technology is in cars now, and how much will be in them going forwards.
Tim Fulkerson, director of product pricing strategy for McAfee, said “we’re starting to see various university research-type of work that demonstrates that these threats are very possible and even indications that various technologies are, in fact, being used to create various exploits.”
He added that he doesn’t think this is reason to panic, yet. He did say, however, that it’s something to be aware of as “car manufacturers aren’t in the business of securing cell phone technology hacks or Bluetooth technology hacks.” He also pointed to recent U.S. legislation that mandates RFID sensors be added to tires to track air pressure.
Dennis DesRosiers, president at Richmond Hill, Ont.-based DesRosiers Automotive Consultants Inc., agrees that, while current cars aren’t without risk to attack, automotive manufacturers have taken into consideration the risks of adding more tech to cars.
“Vehicles have also, for decades now, become very electronic. Everything is monitored electronically, everything is run electronically. The average vehicle today is more sophisticated than the lunar lander was,” he said. “The features in a vehicle today have provided incredible capability for consumers. At the same point (for every capability, it) opens up a vulnerability somewhere else.”
Fulkerson said that, “probably on average, 10 million lines of code are in cars these days,” which may not be something the average consumer considers.
This can lead to an odd situation where the average car buyer just plain doesn’t know how much computerization is in a car. A recent car buyer might say, “Gee whiz, I just bought a vehicle, I’m just driving back and forth to work. No, you’re driving a computer. It happens to have four wheels instead of a box that sits under your desk but you’re driving a very sophisticated electronic device,” DesRosiers said.
What that implies, DesRosiers said, is that while the vulernabilities to cars are not quantifiable right now, the fact that we rely on computers for so many of the functions we take for granted–like power-steering, anti-lock brakes and others–if someone we’re able to disable any of these features, the results could be disastrous.
“All of the electronics that have addressed safety issues have not really meant much improvement in the overall safety of the vehicle. It’s obviously helped, but what’s happened is that consumers have lowered their driving capability to match the amount of safety in the vehicle,” DesRosiers said.
For a real life example, both DesRosiers and Fulkerson recalled the story of a Detroit car dealership that outfitted its fleet with remote kill switches. Fulkerson said that, after purchase, “if people didn’t make payments on those leased vehicles the auto dealership could activate the kill switch and deactivate the car.”
DesRosiers said that “it all ended up in court because they were disabling vehicles as they were going down expressways. How do you know that when you disable something, it’s in a safe position?”
He thinks that the mentality of consumers will have to change in reaction to the amount of technology in cars. While everyone who buys a computer knows it is vulnerable to viruses and attacks the minute they get home, “a very small percentage of the population realizes that a car, in many respects, is just a sophisticated computer. A very sophisticated electronic device.”