Back in the good old days paint chips contained healthy quantities of lead, cars ran on leaded gasoline, and a lead foot directly pulled open the throttle of your hot-pink ’59 Cadillac without any pesky computers interfering. It also meant that ‘hackers’ were limited to methods such as bricks and slim jims to steal your music. Well, the times, they are changing.
As human civilization (d?)evolves we demand that more and more electronic gadgets, gizmos, doo-hickeys, and whatchamawhosits be crammed into our automobiles. Modern cars contain everything from sat-nav systems, Bluetooth-enabled stereos, and cellular data links to wireless tire pressure monitors and mini beer fridges. This is all well and good for checking Facebook, while switching the song streaming off of your JesusPhone, while eating your Big Mac and steering with your knees, safe in the knowledge that your tires are fully inflated, but lurking beneath this awesome feat of motoring skill are some pretty scary security risks.
As with just about anything else, the larger and more complex a system is, the more attack vectors are exposed for fun-loving file-sharers with too much equipment and time on their hands. Bruce Schneier recently posted a little diddy on his blog linking to several articles and papers about a group of ‘researchers’ who were able to wirelessly ‘hack’ an automobile through its tire pressure sensor system allowing them to turn on warning lights, or even crash the vehicles ECU entirely.
Like many security ‘research projects’ this attack was demonstrated as proof of concept, and no real world mayhem has seemed to ensue, yet. The problem is that electronics in automobiles are here to stay, and will only get more complex with time which introduces more ways for hackers to mess with our heads. Currently the electronic sub-systems in automobiles are linked together using an internal network called a CAN-bus (controller area network), which allows all the gadgets to communicate with each other without needing a host computer to translate for them. Using this network the control units for individual systems can connect to other control units and have them perform a task (for instance the steering controller could send a signal to the suspension controller telling it to change some settings as the car enters a sharp turn.) This link is important and necessary for everything to work in concert, but it also means that if you can remotely penetrate one subsystem, there’s a good chance you can manipulate the other systems on the car’s network as well.
Jacking with your roommate’s tire pressure warning light is one thing, but it starts to get scary when you realize that many modern cars contain data transceivers that could potentially communicate with each other without the driver’s knowledge. Hypothetically, a malicious worm could be written for this purpose which could copy itself onto neighboring vehicles in dense traffic or at stop lights. Perhaps this worm could have the capability of crashing the vehicle’s ECU at a certain time on a certain day resulting in mass quantities of stalled vehicles clogging the roadways. Even worse, such a worm could possibly disable your armrest beer fridge resulting in a warm brew.
The way we see it there is only one way to thwart the onslaught of such an automotive Armageddon. If every automobile from this day forth were required to run OS X, any conceivable security threat would surely be neutralized by the infallible operating system. Seriously, why has nobody thought of this before? Cupertino, I’ll be here when you feel like sending that comission check.S|A