Day: March 17, 2011

Your car now needs a different kind of firewall

FirewallGrowing up in my father’s auto repair business, I came to understand that a car’s firewall was that piece of the body that separated the engine compartment from the passengers.  Back in the day (as my teen son is wont to say despite sporting such a paltry number of days), this was pretty essential hardware as engine fires were not uncommon.  The advent of several safety systems as well as the demise of carburetors has made such fires comparatively rare.  But modern digital automotive systems now have different safety issues requiring a different sort of firewall.

Security experts from the University of California, San Diego, and the University of Washington have successfully hacked into a car’s onboard control system using a variety of attack vectors. In one case, they used a car’s cellular connection (similar to OnStar) to access the vehicle’s computer.  In another, they took control using an Android phone connected to the car’s Bluetooth interface.  In the third case, an MP3 music file, loaded into the car’s sound system, was infected with a Trojan that successfully loaded itself into the vehicle’s firmware.

Now in your average car, there is a limited amount the hacker can do once he gains access to the firmware.  He could futz with the fuel mix and mess up your gas mileage, or change all the presets on your radio.  While this is annoying, it’s not terribly dangerous.  It’s also not interesting enough to warrant the efforts of would-be hackers unless this is their thesis project.

However, many higher-end cars may be unlocked, started, or in the case of vehicles with a self-parking features, even driven away under computer control.

While this is a scary prospect, it mostly reflects car designers not yet realizing the impact of networking the vehicle control systems.  Cars will simply need to employ the same sorts of firewalls and security software used by other computer systems.  Which also means the same sort of constant updating to address more recent exploits and attack vectors will also be required.

Ironically, I left the automotive field to pursue a career in computers.  I know my life will have come full circle when the first family member calls because their car has a virus.