by
Mark Ollig
Today’s
cars are equipped with sophisticated computer technologies, providing us with
increased safety, improved mechanical efficiency, and some impressive high-tech
devices.
It
is said tens of millions of lines of computer programming instruction code are
used for the digital components inside newer cars.
However,
a major concern has arisen.
All
of us know computers can be “hacked” into and taken over by computing
enthusiasts with the right technical knowledge and access.
Today’s
major concern is: cyber-car hacking.
Car
thieves have figured out how to construct a wireless-operating gadget with the
electronics and computer programming code required for gaining access into our
cars and their internal computer controlling units.
Yes
indeed, folks, yours truly watched a video of a person approaching a newer car
and unlocking its doors with a “mystery gadget” resembling a garage door
opener.
The
first thought which came into my mind was “uh oh, they figured it out.”
The
bad guys are now using wireless computing hacking methods to break into our
cars.
Another
video shows how a newer car in California was recently hacked. The car owner’s
dash camera recorded the culprit while standing in front of the car.
The
video shows this person using the handheld mystery gadget to wirelessly unlock
the car doors – emulating the action of the car owner’s keyless entry or remote
smart-key fob (frequency operated button).
The
intruder hurriedly got inside the car.
After
apparently searching for valuables, he got out of the car and quickly walked
down the street – most likely to attempt another cyber-car hacking.
So,
someone has figured out the code needed to manipulate our cars’ short-range
keyless remote fob and command the doors to unlock . . . wonderful.
Oh,
by the way, many smart-key fobs also open the trunk; and allow the starting of
the engine using the car’s pushbutton ignition – making it easy pickings for a
car thief using the mystery gadget.
In
2011, two University of Washington and University of California-San Diego
researchers were able to wirelessly hack into and take control of cars.
They
thoughtfully withheld details of the specific car models they were able to hack
into in order to prevent potential cyber-car hackers from using the knowledge.
These
same researchers published two studies explaining the weaknesses of today’s
computer-controlled automobiles.
One
study is called “Comprehensive Experimental Analyses of Automotive Attack
Surface.” You can read it at: http://tinyurl.com/bytes-univ2.
In
this study, I noted on page 3 a diagram showing the digital input/output (I/O)
channels of a modern car’s Electronic Control Units (ECUs).
Access
to these I/O channels can be obtained via the following methods:
•
Indirect physical access.
•
Short-range wireless access (Bluetooth).
•
Long-range wireless access.
These
I/O channels include the On-Board Diagnostic system information (OBD), which
normally uses a 16-pin connector to physically interface with a display box to
read the car’s stored codes for various operations, and to diagnose engine and
electrical problems. The OBD information is usually retrieved via direct
physical access; however, a Bluetooth interface is obtainable for wirelessly
gathering OBD information from the car.
The
study suggests a car’s telematics (telecommunications and informatics) control
unit is possibly the most vulnerable to a long-range wireless attack.
Telematics
integrates with the Earth-orbiting satellite Global Positioning System (GPS),
and accesses the Internet via cellular voice and data networks.
Wireless
roadside assistance services (such as Safety Connect) can link with the car’s
telematics device and activate the code needed to remotely unlock a car door.
Telematics
connections with cellular channels (which are accessible from a long range);
provide another point of entry for potential cyber-car attackers.
“Our
own group documented experiments on a complete automobile, demonstrating that
if an adversary were able to communicate on one or more of a car’s internal
network buses, then this capability could be sufficient to maliciously control
critical components across the entire car,” the study stated.
We
may soon be hearing stories about “wireless drive-by cyber-auto attacks.”
This
phrase can be defined as when a cyber-car hacker inside the automobile driving
next to you, wirelessly takes control and manipulates your car’s computerized
electronic systems by accessing an I/O channel into one of your vehicle’s
control systems.
Easy
folks, let’s not panic just yet.
Combating
cyber-car hacking includes using application-level authentication, code
encryption, and security hardening of the car’s underlying computer-coding
platform.
A
cyber-car hacker, using an illegally rigged, wireless car door unlocking access
device, sometimes just wants to remove the sellable items found inside the
automobile.
One
bit (no pun intended) of common sense from your car-caring columnist: do not
keep valuables inside your car or trunk when it’s unattended.
I
expect to see a “vehicle cyber-defense” organization established soon to combat
these cyber-car hackers – if one hasn’t been established already.
Automobile
makers need to be focused on delivering new cars with built-in cyber-security
safeguards.
They
also need better encryption defenses for the wireless smart-key fobs, and
telematics in order to protect them from being hacked into.
The
following are two video news reports uploaded to YouTube showing these
cyber-car thieves in action.
Both
http://tinyurl.com/bytes-abc7-1 and http://tinyurl.com/bytes-abc7-3 show
surveillance video of cyber-car thieves using the mystery gadget to enter
locked cars.
I
think back to simpler car driving days, when I cruised around in a 1977
Plymouth Volaré.
Its
car door unlocked using a physical key.
Also,
the Volarés’ “advanced” electronics and wireless features were contained inside
the AM-FM radio, and its 40-channel CB radio, which I regularly used.
