by | | 0 comment(s)

Hacking automobiles? Yes... that's happening.


What can automobile manufacturers learn from companies like Apple? More than one would think, especially when it comes to security features.

Automotive technology has made some incredible leaps since the early days, but those advancements have always been focused on performance over safety, or security.

While they are not MacBooks, Cars are packing a lot more technology these days, from entertainment systems like CarPlay, that connect to an iPhone or iPad to deliver music and local information, to other systems that track driving habits and send it to insurance companies, as part of a growing range of reward programs.

Car makers should listen to Apple about security

Automobiles are not only methods of private transportation: they now fall into the definition of complete, internet-enabled, traveling computers, and this connectivity not only pertains to entertainment, or climate control. Some of these systems are also likely to actively affect the way we drive. This is why car manufacturers should serious consider taking a page from Silicon Valley tech companies like Apple, who have dedicated decades on secure methods of authentication and access to software and hardware.

As of late, a team of researcher from San Diego has found a way to hack into a dongle, which was connected to a 2013 Chevy Corvette. The device was very similar to those provided by Progressive Insurance, to reward good drivers with discounts.

The researchers were able to communicate with the vehicle and send commands via text message, that would activate the car’s windshield wipers, activate the brakes, and, get this: they were able to disable the brakes altogether, and it took less work that it would require hacking past a MacBook’s login screen.

How was this possible? A little trip back in history might help.

Rewind to 1983, a team of German researchers at Bosch, developed what automotive manufacturers know as the “CAN Bus”, which is a microcontroller designed to handle a variety of functions, and help mechanics troubleshoot problems with many different systems, including the engine.

The first CAN Bus controller was built by Philips and Intel, in 1987, and has been present in vehicles ever since it was adopted in the manufacturing of the 1988 BMW 8 Series, constantly evolving through different iterations until now, to a point where safety and tracking systems like OnStar and and Uconnect can interact with a vehicle’s ignition system and other systems as well. The big problem is that these systems are not encrypted, and manufacturers rely on the assumption that car thieves won’t bother going through the trouble of acquiring the knowledge to hack into a vehicle’s computer system. In newer vehicles that use connected technology for entertainment or information, the ability to access the CAN Bus means the ability to, not only communicate with a vehicle in direct proximity, but also the ability to communicate and send commands to it, remotely, over an Internet connection.

Encrypting the CAN Bus from outside communication is but one step to secure future vehicles from being taken over for criminal purposes, stolen or tampered with. User authentication is a very important thing that should be part of the equation, especially as biometric recognition technology, and other types of secure authentication have always been commonplace in MacBooks and iPhones, making them harder, and often impossible to steal.


You must be logged in to post comments.