.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto
That nice, new computerizedcar you just bought could be hackable.
Of course, your car is probably not a high-priority target for most malicious hackers. But security experts tell CNET that car hacking is starting to move from the realm of the theoretical to reality, thanks to new wireless technologies and evermore dependence on computers to make cars safer, more energy efficient, and modern.
Now there are computerized systems and they have control over critical components of cars like gas, brakes, etc., said Adriel Desautels, chief technology officer and president ofNetraGard, which does vulnerability assessments and penetration testing on all kinds of systems. There is a premature reliance on technology.
Illustration for a tire pressure monitoring system, with four antennas, from a report detailing how researchers were able to hack the wireless system.
)
Often the innovations are designed to improve the safety of the cars. For instance, after a recall of Firestone tires that were failing in Fords in 2000, Congress passed the TREAD (Transportation Recall Enhancement, Accountability and Documentation) Act that required that tire pressure monitoring systems (TPMS) be installed in new cars to alert drivers if a tire is underinflated.
Wireless tire pressure monitoring systems, which also were touted as a way to increase fuel economy, communicate via a radio frequency transmitter to a tire pressure control unit that sends commands to the central car computer over the Controller-Area Network (CAN). The CAN bus, which allows electronics to communicate with each other via the On-Board Diagnostics systems (OBD-II), is then able to trigger a warning message on the vehicle dashboard.
Researchers at the University of South Carolina and Rutgers University tested two tire pressure monitoring systems and found the security to be lacking. They were able to turn the low-tire-pressure warning lights on and off from another car traveling at highway speeds from 40 meters (120 feet) away and using low-cost equipment. A video about the research is availablehere.
While spoofing low-tire-pressure readings does not appear to be critical at first, it will lead to a dashboard warning and will likely cause the driver to pull over and inspect the tire, said the report (PDF). This presents ample opportunities for mischief and criminal activities, if past experience is any indication.
TPMS is a major safety system on cars. Its required by law, world of warcraft cheap gold but its insecure, said Travis Taylor, one of the researchers who worked on the report. This can be a problem when considering other wireless systems added to cars. What does that mean about future systems?
The researchers do not intend to be alarmist; theyre merely trying to figure out what the security holes are and to alert the industry to them so they can be fixed, said Wenyuan Xu, assistant professor in the Department of Computer Science and Engineering at the University of South Carolina. We are trying to raise awareness before things get really serious, she said.
There has been research(PDF) done on security problems with keyless entry systems in cars. Anda report in May highlighted other risks with the increased use of computers coordinated via internal car networks. For that report researchers from the University of Washington and University of California,permalink. San Diego, tested how easy it would be to compromise a system by connecting a laptop to the onboard diagnostics port that they then wirelessly controlled via a second laptop in another car. Thus, they were able to remotely lock the brakes and the engine, change the speedometer display, as well as turn on the radio and the heat and honk the horn.
Granted, the researchers needed to have physical access to the inside of the car to accomplish the attack. Although that minimizes the likelihood of an attack, its not unthinkable to imagine someone getting access to a car dropped off at the mechanic or parking valet.
The attack surface for modern automobiles is growing swiftly as more sophisticated services and communications features are incorporated into vehicles, that report (PDF) said. In the United States, the federally-mandated On-Board Diagnostics port, under the dash in virtually all modern vehicles, provides direct and standard access to internal automotive networks. User-upgradable subsystems such as audio players are routinely attached to these same internal networks, as are a variety of short-range wireless devices (Bluetooth, wireless tire pressure sensors, etc.).
Engine Control Units
The ubiquitous Engine Control Units themselves started arriving in cars in the late 1970s as a result of the California Clean Air Act and initially were designed to boost fuel efficiency and reduce pollution by adjusting the fuel and oxygen mixture before combustion, the paper said. Since then, such systems have been integrated into virtually every aspect of a cars functioning and diagnostics, including the throttle, transmission, brakes, passenger climate and lighting controls, external lights wow gold cheap , entertainment, and so on, the report said.
Its not just that there are so many embedded computers, its that safety critical systems are not isolated from non-safety critical systems, such as entertainment systems, but are bridged together to enable subtle interactions, according to the report. In addition, automakers are linking Engine Control Units with outside networks like global positioning systems. GMs OnStar system, for example, can detect problems with systems in the car and warn drivers, place emergency calls, and even allow OnStar personnel to remotely unlock cars or stop them, the report said.
In an article entitledSmart Phone + Car = Stupid? on the EETimes site in late July, Dave Kleidermacher noted that GM is adding smartphone connectivity to most of its 2011 cars via OnStar. For the first time, engines can now be started and doors locked by ordinary consumers, from anywhere on the planet with a cell signal, he wrote.
Car manufacturers need to design the systems with security in mind, said Kleidermacher, who is chief technology officer atGreen Hills Software, which builds operating system software that goes into cars and other embedded systems.
You can not retrofit high-level security to a system that wasnt designed for it, he told CNET. People are building this sophisticated software into cars and not designing security in it from the ground up, and thats a recipe for disaster.
Representatives fromGM OnStar were not available for comment late last week or this week, a spokesman said.
Technology in cars is not designed to be secure because theres no perceived threat. They dont think someone is going to hack a car like theyre going to hack a bank, said Desautels of Netragard. For the interim, network security in cfree realms go kart driverars wont be a primary concern for manufacturers. But once they get connected to the Internet and have IP addresses fr pet faq, rs money I think theyll be targeted just for fun.
The threat is primarily theoretical at this point for a number of reasons. First, there isnt the same financial incentive to hacking cars as there is to hacking online bank accounts. Secondly Dorian Silvervales Guide to the Birthday Bash! Comments 812, there isnt one dominant platform used in cars that can give attackers the same bang for their buck to target as there is on personal computers.
The risks are certainly increasing because there are more and more computers in the car, but it will be much tougher to (attack) than with the PC, said Egil Juliussen, a principal analyst at market researcher firmiSuppli. There is no equivalent to Windows in the car, at least not yet, so (a hacker) will be dealing with a lot of different systems and have to have some knowledge about each one. It doesnt mean a determined hacker couldnt do it.
But Juliussen said drivers dont need to worry about anything right now. This is not a problem this year or next year, he said. Its five years down the road, but the way to solve it is to build security into the systems now.
Infotainment systems
In the meantime, the innovations in mobile communications and entertainment arent limited to smartphones and iPads. People want to use their devices easily in their cars and take advantage of technology that will let them make calls and listen to music without having to push any buttons or touch any track wheels. Hands-free telephony laws in states are requiring this.
Millions of drivers are using theSYNC system that has shipped in more than 2 million Ford cars that allows people to connect digital media players and Bluetooth-enabled mobile phones to their car entertainment system and use voice commands to operate them. The system uses Microsoft Auto as the operating system. Other cars offer less-sophisticated mobile device connectivity.
A lot of cars have Bluetooth car kits built into them so you can bring the cell phone into your car and use your phone through microphones and speakers built into the car, said Kevin Finisterre, lead researcher at Netragard. But vendors often leave default passwords.
Ford uses a variety of security measures in SYNC, including only allowing Ford-approved software to be installed at the factory and default security set to Wi-Fi Protected Access 2 (WPA2), which requires users to enter a randomly chosen password to connect to the Internet. To protect customers when the car is on the road and the Mobile Wi-Fi Hot Spot feature is enabled, Ford also uses two firewalls on SYNC, a network firewall similar to a home Wi-Fi router and a separate central processing unit that prevents unauthorized messages from being sent to other modules within the car.
We use the security models that normal IT folks use to protect an enterprise network, said Jim Buczkowski,Three-Wheel Tractors. global director of electrical and electronics systems engineering for Ford SYNC.
Not surprisingly, there is a competing vehicle infotainment platform being developed that is based on open-source technology. About 80 companies have formed theGenivi Alliance to create open standards and middleware for information and entertainment solutions in cars.
Asked if Genivi is incorporating security into its platform from the get-go, Sebastian Zimmermann, chair of the consortiums product definition and planning group, said it is up to the manufacturers that are creating the branded devices and custom apps to build security in and to take advantage of security mechanisms provided in Linux, the open-source operating system the platform is based on.
Automakers are aware of security and have taken it seriously…Its increasingly important as the vehicle opens up new interfaces to the outside world, Zimmermann said. They are trying to find a balance between openness and security.
Another can of security worms being opened is the fact that cars may follow the example of smart phones and Web services by getting their own customized third-party apps. Hughes Telematicsreportedly is working with automakers on app stores for drivers.
This is already happening to some extent, for instance, with video cameras becoming standard in police cars and school buses runescape cash , bringing up a host of security and privacy issues.
We did a penetration test where we had a police agency that has some in-car cameras, Finisterre of Netragard said, and we were able to access the cameras remotely and have live audio and video streams from the police car due to vulnerabilities in the manufacturing systems.
Im sure (eventually) there is going to be smart pavement and smart lighting and other dumb stuff that has the capability of interacting with the car in the future Inside Social Games,Mabination. he said. Technology is getting pushed out the door with bells and whistles and security gets left behind.
Updated 3:31 p.m. PDTwith link to research on security vulnerabilities in keyless entry systems. and Sept. 1 at 10:09 a.m. PDTwith link to video on tire pressure monitoring system research.
Elinor MillsElinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
HP CEO: Googles, Facebooks calling us due to HDD shortageHewlett-Packard CEO Meg Whitman says big companies like Google and Facebook are calling HP to get servers because of the shortage of hard disk drives.
Nanotech – The Circuits Blog
Production starts for iPad 3 QXGA display: Analyst Production is under way on the display for the next-generation iPad, an analyst tells CNET. The high-resolution QXGA display will be the centerpiece of the so-called iPad 3.
Nanotech – The Circuits Blog
An inside look at the testing of Windows Phone 7In part three of a behind-the-scenes look at the development of Microsofts new phone software, Ina Fried takes a look at Redmonds massive testing operation.
Beyond Binary
Forget six degrees–we are actually closerFacebook study finds that the average number of people who separate any two individuals in the world is 4.74.
Digital Media
Bill Gates to testify today in Novell suit against MicrosoftGates is expected to testify in a $1 billion antitrust lawsuit in which Novell has accused Microsoft of intentionally damaging sales of its former WordPerfect software.
Politics and Law
Acoustic sensors help cops pinpoint gun fire (video)Engineers at Mountain View, Calif.-based SST have come up with technology that uses acoustic sensors to help police pinpoint the exactly location of a gunshot as soon has it goes off.
Cutting Edge
$4.23 a day: On the timing of a Black Friday iPad 2 purchaseRunning the numbers on the real costs of buying a new iPad 2.
Crave
Samsung lights up new line of LED bulbsLED lights are, after all, electronics. Samsung is among a few consumer electronics companies pushing into LED lighting with a new line of consumer light bulbs.
Green Tech
.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto
href=
Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.
.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe, .mad_center a img margin-left: auto; margin-right: auto
href=
.mad_center text-align:center .mad_center div, .mad_center table, .mad_center iframe fr blacksmit, .mad_center a img margin-left: auto; margin-right: auto
Hello I am Dylan Roberts and Im new to Free Realms Insider. I just need friends who can help me…
