Incident Response, TDR

Researchers consider threat of car hacking

McAfee's year-old team of elite hackers has been researching a place many people wouldn't think is vulnerable to attack – the automobile.

This week, Reuters reported that the group, known as TRACE (Threat Research and Counterintelligence Experts), has been exploring the ways that built-in automobile computers and electronic communications systems are susceptible to compromise.

Over the years, cars have increasingly been designed with internal connectivity features for mobile devices and other systems supporting in-vehicle infotainment,” or “IVI," defined by McAfee's parent Intel as integrated in-car entertainment and information, which includes amenities such as navigation, social networking, gaming and video capabilities.

On Thursday, Bruce Snell, technical marketing manager at McAfee Security, told SCMagazine.com that, while there have been no reported incidents of malicious car hacks, research in the academic realm had been able to launch those kinds of attacks.

"As the TRACE group, we like to keep our eye on the next big thing that people should be concerned about," Snell said.

So far, researchers have been able to remotely program vehicles to accelerate, brake, and be tracked via GPS.

"There have been documented research cases of rewriting the on-board computer through IVI devices, like an [infected] CD," Snell said.

TRACE plans to work with car manufacturers to help them implement safer practices.

In 2010, Wade Trappe and Marco Gruteser, associate professors in the electrical and computer engineering department at Rutgers University in New Jersey, collaborated on studies which showed ways car systems could be hacked. They were able to show that IT security threats to automobiles were legitimate, even if they hadn't been exploited yet.

"All of the academic work to date has been trying to show there are vulnerabilities that people haven't even thought of," Trappe told SCMagazine on Thursday.

For example, the research team discovered ways to hijack sensor signals that communicated tire pressure to the car's on-board computer.

"We were able to basically figure out how the communication works, then spoof or imitate it," Trappe said. "For instance, we could tell the computer on board that the front right tire was flat. We cued things to happen."

In a blog post last year, Gert-Jan Schenk, McAfee's president of business operations in Europe, the Middle East and Africa, discussed the trend of more cars being outfitted with computing capabilities. 

“The automotive industry is experiencing a major shift," he wrote. "Computing is used everywhere, from the design, to manufacturing, to the car in itself."

As automobiles have moved from being primarily mechanical to "intelligent," security threats have also evolved.

“We also came to the conclusion that the ideal way to secure car computing was to include the security from the ground up rather than as an afterthought,” Schenk wrote.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.