Remember the good old days, when having your car hacked meant having your vehicle’s key fob signal intercepted? Having to settle an insurance claim where your car was broken into with no visible sign of forced entry seems downright quaint compared to what automotive security experts are discussing these days.
Automobiles have gone high tech, and today sensors and embedded electronics can be found throughout even the least expensive cars. Combined with onboard communication technologies such as GPS, Bluetooth and Wi-Fi, our vehicles may just become the next battleground in an ongoing war against hackers.
In 2010, a Houston, Texas, auto dealership installed a system called Webtech Plus on customer vehicles; a small black box under a car dashboard that was tied into key systems giving it the ability to disable the car’s ignition system or honk the horn. The product provides car dealers a tool to remotely “nudge” customers who fall behind on payments, an alternative to sending a repossession team.
The reason this made news is that a former worker accessed the administration website using a stolen account and began disabling vehicles. More than 100 people ended up with cars that wouldn’t start or horns that wouldn’t stop honking before the employee was caught. People missed work, paid for unnecessary repairs, were stranded, and suffered embarrassment as their cars sat there, honking until the battery was disconnected.
An army of control systems
This is only a harbinger of what could happen. Some cars on the road today use 70 separate electronic systems that run 200 million lines of code, controlling everything from brakes to emission control, airbags, and the stereo. Ford‘s (NYSE:F) Sync system, which originally responded to 100 voice commands in 2007, is now capable of acting on 10,000 voice commands and includes Wi-Fi access. Electronic Control Units (ECUs) in cars allow different systems to communicate, which can, for example, enable them to coordinate the actions of brakes and the accelerator as part of a stability control function. The problem is, these communications could be faked.
Throughout this computerization of the car, cyber security has not been a priority. Businessweek reports that at a recent conference, experts were able to take control of a car’s safety systems using an infected audio CD. Given the built-in Bluetooth communications offered in many cars, eavesdropping on a vehicle’s occupants is another risk—albeit less of a safety issue than one of privacy.
An emerging market for security services?
Computer scientists have performed a controlled experiment where they were able to remotely compromise a car, start its engine, disable its brakes and coordinate this activity with another vehicle miles away. While there has been no confirmed case of someone utilizing this capability for malicious ends, the prospect is real enough that the National Highway Traffic Safety Administration (NHTSA) has become involved in cyber security research.
Hacking cars still isn’t easy, but the potential risk is there. If automakers don’t lock systems down, cyber security companies like Symantec (NASDAQ:SYMC) and Intel‘s (NASDAQ:INTC) McAfee and may have a new market opportunity beyond tackling smartphones. A computer virus exploiting your smartphone camera is one thing, but the thought of a hacker remotely shutting down thousands of vehicles simultaneously, stranding drivers in the middle of rush hour, may be enough to generate consumer demand for protective software. Expect the antivirus companies to take full advantage of this fear.