
McAfee: Hackers Going After Cars Next

On Wednesday, McAfee released a report called "Caution: Malware Ahead" (pdf), which discusses the electrical systems that have become commonplace in today’s cars and the emerging security risks surrounding those systems.

"The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them," McAfee said. "Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise."

Airbags, radios, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication systems: all of these consist of embedded devices that could be susceptible to hacking if left unchecked. To make matters worse, the automobile industry is continually adding features and technologies to further personalize the driving experience and to keep the driver and the passengers connected to the world.

"Consumers want to stay connected, even in their cars, which is motivating automobile manufacturers to increase integration between cars and consumer devices such as smartphones and tablets," McAfee said. "However, in the rush to add features, security has often been an afterthought. The report highlights examples of how automotive systems have been compromised."

Some of the security risks the report covers include remotely unlocking and starting a car via cell phone, disabling a car remotely, tracking a driver’s location, activities and routines, stealing personal data from a Bluetooth system, disrupting navigation systems, disabling emergency assistance and more cybercriminal activity.

"Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available," McAfee said. "Other researchers have showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters."

To read the full report, check out McAfee's document here.

  • eddieroolz
    Frankly there are some places in the world that should not be connected to the internet. A car is one. Another would be the government classified computer system.
  • toastninja17
    Really doesn't surprise me at all...well, actually it kind of did, but only before I realized how much of a 'duh' moment this is for the auto industry.
  • klavis
    Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available.
    That made me laugh. It's like saying, "Hey, we did some research over here and you know what, we found out that if someone has access to your door lock, shit, they can unlock it!" It's so obvious, if you have access to the controlling mechanism of something you will in fact have control of it.

    Now enough with that, I'm surprised this hasn't been raised before, it's not a new issue. When cars started to do wireless entry and start in the 90s I thought it was a bad idea. One person could break into a car without too much difficulty if they had the right device. For example, watch Ghost Dog, you'll see what I'm talking about. People should just be lucky criminals haven't taken the time to go high tech, eventually they will. They should have known that well over a decade ago.
  • jj463rd
    My 1970's Volkswagen Beetle has a hard time getting online on the Internet.
  • lucky015
    I think I've had enough of mediocre companies that should have gone out of business 10 years ago making wild guesses to incite panic.
  • jsc
    "Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available," McAfee said. "Other researchers have showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters."
    Well, duh!
  • back_by_demand
    Tracking by RFID tabs from 40m?

    How about tracking by number plate recognition cameras from a lot, lot further away.
  • What, like McAfee are going to come up with some solution that will protect our cars like they do our Computers. It would be like giving the keys away to the criminal, no need for them to even try hacking in if McAfee is on it!

    Don't believe me, here look at this

    http://www.virusbtn.com/vb100/RAP/RAP-quadrant-Feb-Aug11-850.jpg

    Sure use McAfee if you only want 4/5ths protection, and this quadrant is one of their best!

    The worst thing about McAfee is it won't die now because Intel owns them, what a bloody shame!
  • alyoshka
    FEAR rules the world, I think some brainy chap at McAfee has figured it out ......
    Now you need to get a Certified AntiVirus for your car with the Insurance or it's going to be a crime.....
  • __Miguel_
    back_by_demand: Tracking by RFID tabs from 40m? How about tracking by number plate recognition cameras from a lot, lot further away.
    Yep, plus no matter how directional your RFID scanner is, the camera can actually pinpoint your location, while the RFID can only get you a general area. Not to mention with a camera you can, well, record faces and such...

    Also, tracking by RFID-like tags has been in use for about two decades in Portugal, for toll payments. You pass under an archway, your tag gets read (you have to buy one, btw), then at the end of the month the company automatically gets the money from your bank account. Simple, and can save A LOT of time, especially in high-traffic tolls. In recent years, this system has even been extended to a few underground parking spaces and gas stations. Can't see a problem with it, you can't know where *I* am, you can only know where *my car* is, and I'm not the only one driving it...

    In more relevant matters, I do think this might become a problem in the future. However, it can be more or less controllable: you just need to completely separate some parts of the car electronics from the rest.

    Let's face it: apart from very limited interventions at a garage, there is, nor should there be, any reasons for having security features (and the central CPU) of a car communicating with anything else, thus shouldn't even be allowed access to an external network (preferably, only the power source should be shared, if really needed).

    At the same time, entertainment appliances and GPS have NO need to be sharing information with, well, anything under the bonnet, really. They might need to interface with an external network and with users, but that's it. And, if something gets corrupted/catches a virus/whatever, it won't compromise the fundamental security features.

    It seems to me it's mostly a design problem, really. Sure, you might need to firewall your car (which anyone with a carputer accessing external networks already does, or should do, anyway), or even run AV software, but provided you keep security features and entertainment/location features unable to share data between them, you should be fine.

    Cheers.

    Miguel