• Jun 17th 2013 at 12:00AM
  • 313
Experts fear cyber terrorists could target cars, tinker... Experts fear cyber terrorists could target cars, tinkering with software in a way that causes accidents. (AP photo).
Imagine this grisly scenario: You're driving down the interstate with the cruise control set at the speed limit. Without warning, your car accelerates. The speedometer pushes past 100 miles per hour. Suddenly, the car turns left and crashes into the concrete median.

If you are lucky enough to survive, you emerge from your wrecked vehicle and see crashes all along the highway. Hundreds of identical, high-speed accidents have taken place at the same time.

Although it sounds like a scene out of a Stephen King novel, experts are worried that sort of mass-scale automotive terrorist attack could actually happen here. As cars become reliant on software and electronics to run everything from infotainment to engines and brake systems, they are increasingly vulnerable to people with malicious intent.

"Cars basically look like they have for 50 years, but underneath they've changed dramatically," said John D. Lee, a mechanical engineering professor at the University of Wisconsin. "A car is a rolling computer network with 80 to 100 microprocessors and 100 million lines of code."

It's become such a concern that last year, the National Highway Traffic Safety Administration quietly opened up a cyber terrorism department to keep track of software issues that could make cars vulnerable to attack.

Software is entwined with every conceivable system aboard today's vehicles, linking everything from brakes, powertrain and throttle to infotainment, Bluetooth connection and MP3 players.

Connected cars -– or rolling computers -– hold great promise for automotive safety. Human error causes more than 90 percent of the 10.8 million motor-vehicle accidents in the U.S. each year, according to Mitch Bainwol, chairman and CEO of the Alliance of Automobile Manufacturers. Safety developments both inside the car and along the highway could dramatically reduce accidents and fatalities.

But there is a dark side. Experts fear terrorists could launch an attack by breaching security in the software of a particular automaker or, in the years ahead, through the wireless infrastructure being developed to provide information for connected cars.

Critical systems hacked

"Can some 14-year-old in Indonesia shut a bunch of cars down because everything is wired up?" That's the question U.S. Senator Jay Rockefeller posed to a panel of automotive experts during a Senate Commerce Committee hearing last month.

The short answer is yes. Researchers from the University of Washington and University of California-San Diego hacked into an ordinary, mid-priced, late-model sedan available to any consumer. They unlocked car doors, eavesdropped on conversations, turned the engine on and off and compromised critical vehicle systems.

In a follow-up experiment, the researchers, affiliated with the Center for Automotive Embedded Systems Security, breached all sorts of security measures, uploading malware from a doctored CD and obtaining "full control" over the sedan's telematics unit by calling the car's cell phone, according to their research.

They also compromised a Pass-Thru device, which helps auto technicians diagnose problems, which allowed them to subsequently connect to every car that later was plugged into that device. This was particularly troublesome, because it meant hackers could infiltrate more than one car from a single entry point.

"We demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input –- including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on," the CAESS researchers wrote.

Another daunting conclusion that presents complications for crash investigators: The researchers successfully attacked the car's telematics unit in a way that "will completely erase any evidence of its presence after a crash."

Since the studies were completed, in 2010 and 2011, much has changed, and not necessarily for the better.

Wireless multiplies potential risks

Automakers are now wirelessly updating software. Customers can use services like OnStar's RemoteLink to unlock their doors and monitor their cars on their iPhones. Researchers are beginning to connect cars both with one another and through smart infrastructure that will help govern self-driving cars. All these wireless transactions multiplies risk.

Along those lines, the NHTSA recently opened a special division dedicated to automotive cyber security threats. The Electronic Systems Safety Research Division employs 12 people with engineering and software backgrounds and investigates "cyber vulnerability" that presents "emerging challenges for auto safety," according to NHTSA.

But several congressmen questioned whether NHTSA had the necessary expertise to handle such an assignment, noting the agency needed to seek outside assistance from NASA there years ago during its investigation of Toyota's unintended acceleration accidents.

During the commerce committee hearing on May 15, NHTSA administrator David Strickland told the congressmen he was satisfied with the staff on hand – he intends to add more – and, seeking to reassure the committee, said he understood "we don't want to be behind the eight ball on this."

Ignoring the CAESS study, Strickland said, "What we do know, at this point right now, is there has never been an unauthorized accessing of a vehicle currently on the road today."

But especially as vehicle-to-vehicle and vehicle-to-infrastructure technology develops, cyber threats will be a major concern for the auto industry in the years ahead and are already a key part of their design process.

Automakers already investing in cyber security. Ford, for example, utilizes a "threat modeling methodology" to review potential weak links, has a built-in firewall to separate infotainment and vehicle control systems and uses key cryptography to prohibit updates to its SYNC software unless it receives a unique code that's verified from Ford.

Lee, the Wisconsin professor, is skeptical that those kinds of methods will work.

"I know the industry is attentive to this, but just like computers these days – and your car is a computer – you have some documented cases where companies that have very good attention to security can be compromised," Lee said.

"They are striving to overcome the hackers, and the hackers are striving to overcome the obstacles," he said. "It's an arms race."

Pete Bigelow is an associate editor at AOL Autos. He can be reached via email at peter.bigelow@teamaol.com and followed @PeterCBigelow.



I'm reporting this comment as:

Reported comments and users are reviewed by Autoblog staff 24 hours a day, seven days a week to determine whether they violate Community Guideline. Accounts are penalized for Community Guidelines violations and serious or repeated violations can lead to account termination.


    • 1 Second Ago
  • 313 Comments
      Only Gonely
      • 2 Years Ago
      Our appathy will become our destruction. I would've said more, but Driller beat me to it.
      JD
      • 2 Years Ago
      The Taliban got the idea about 911 from a Tom Clancey Book. Yes, the media blast the world with how to kill articles. All of us honest blue collar citizens can only pray that it is the reports who write these, how to, articles that they target.
      Alphonso Carioti
      • 2 Years Ago
      Use common sense! If your car accelerates on it's own, take the car out of gear! Put it in neutral then pull over. No one is 'pushing' your car!
        K69gb
        • 2 Years Ago
        @Alphonso Carioti
        @ Alphonso The gear shift lever is not directly connected to the transmission on newer cars. There are a set of contacts that send a signal to a computer when you move the gear shift. The computer evaluates other input about the speed, engine RPM, etc. The computer will not shift the car into neutral and you will keep going up to and over 100 mph, until you crash. This is exactly what happened with the Toyotas when the gas pedal stuck. Computers also control your brakes, engine and transmission. Soon the computers will control the steering. God help us when the computers take over everything.
        jkrublit
        • 2 Years Ago
        @Alphonso Carioti
        Common sense isn't to common !
      Ron
      • 2 Years Ago
      Just buy a W124 Mercedes and be done with it.
      budshort
      • 2 Years Ago
      So these guys saw the opening scenes of "Fast and Furious 6"???
      dfoster
      • 2 Years Ago
      Scotty (Star Trek); "The more they work on the plumbing, the easier it is to stop up the drain." The more complex the system, the more errors, flaws, and holes it will contain, and the less reliable it becomes.
      Camille
      • 2 Years Ago
      How about we go back to when cars had no computers in them?
        budshort
        • 2 Years Ago
        @Camille
        That's alright by me, I grew up with the 50's hot rods, the 60's and 70's muscle cars, Points and condenser under the distributor cap and a 4 barrel carb on the intake manifold. I got tools to work on those...
      jimlpro
      • 2 Years Ago
      people have been doing this on computers for years...its called hacking. It generally involves things known as 'viruses' and 'spyware' (Thats just FYI so you dont fall for the journalistic sensationalism...)
      • 2 Years Ago
      Nothing like keeping the sheep scared to death so that they will gladly give up their rights.
      • 2 Years Ago
      The professional terrorists already know all this. Thet live breath and eat the possibilities of hurting any one American. They know all about these flaws and flukes they are not stupid they managed to bring down the world trade center for a couple of hundred thousand dollars. We are not letting out any info by discussing these things, there's always a chance some genius will think about all this and come up with a solution that boggles the mind
        Jimmie
        • 2 Years Ago
        I got one-let's all walk to our destinations from now on.
      hawkihot
      • 2 Years Ago
      lets just tell all, that don't know , what to do. Why are we so stupid posting these ideas??????
      • 2 Years Ago
      Keep in mind, this could happen to some medical equipment as well. A man's pacemaker could be hacked to accelerate his heart till he blood vessels in his brain bursts, or slow it down so it passes out, and slowly dies. An insulin pump could dump its entire supply of insulin in the person's blood, all at once. Then when it comes to explosives on things like planes, terrorists may have ordinance surgically implanted inside their bodies, maybe in such a way, that it looks like a pacemaker, insulin pump, or pack of prosthetic leg with plastic explosives. Some of these scenarios are downright scary.
        • 2 Years Ago
        Well, actually all of these scenarios are.
    • Load More Comments