Most people don't realize how "wired" every modern car is -- with a computer controlling everything from basic engine operation to when and how firmly the transmission shifts to the operation of things like cruise control. Many new cars are also equipped with onboard (and computer-controlled) navigation and communication systems that interface with cell phones, PDAs -- even the Internet.
The concern is that this electronic back-and-forth with the outside world -- and
wireless communication systems -- could enable a hacker to access a vehicle's
onboard systems and infect them with a computer virus. Many of these
systems (for example, BMW's iDrive interface, which uses a "mouse" on the car's
center console to control a menu of in-car operations) are based on a version of
Microsoft software -- and anyone using Windows online knows all about viruses and the havoc they can wreak.
Bluetooth short-range wireless communication technology -- which among other things enables drivers to access cell phone-based address books with their in-car phones -- was tested recently to see whether a virus could be introduced into a vehicle's onboard electronic systems.
A Toyota Prius hybrid -- one of the most intensively "wired" vehicles currently on the road -- was used for the test. Researchers with the Finnish computer security firm F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into the Prius via Bluetooth wireless interaction with the car's onboard systems.
The good news is that nothing happened.
"No matter what we did the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. In fact, the researchers weren't even able to get the Cabir virus into the car's operating systems when they used a special program designed to transfer the corrupted file.
These tests confirmed Toyota's insistence that claims its vehicles were susceptible to being hacked into via phone viruses traveling over the Bluetooth system are unfounded.
At least so far.
Many computer experts believe the very nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smartphone that's connected to or communicates with the online world -- especially the wireless online world.
F-Secure's director of anti-virus research Mikko Hypponen, for example, says "computers are listening to radio traffic all the time. Even though you can safeguard a (wireless network) with a firewall and can turn Bluetooth to hidden mode, if you have a weakness in the wireless network or Bluetooth driver the weakness can be exploited."
To date, the threat has been limited to desktops and laptops using wireless technology or which are connected to the Internet -- where viruses are a constant source of worry. But the technology finding its way into cars is not fundamentally dissimilar -- and as with in-car phones and Bluetooth, these devices increasingly communicate with each other and the outside world. And it is this communication that creates the potential vulnerability -- the "bridge" over which a future virus may travel from your cell phone, PDA or laptop directly into your car's electronic brain.
GM's OnStar concierge/communication system has also not been affected by a computer virus, either. But as with Bluetooth, the system is theoretically vulnerable. OnStar uses cellular and GPS technologies to perform multiple functions -- everything from "real time" directional/roadside assistance to help finding a gas station to unlocking a vehicle's doors remotely if the owner accidentally leaves them in the ignition before inadvertently closing the door.
In theory, if a hacker manages to penetrate the OnStar system, he might be able unlock your car's doors -- even start the engine. All without a key -- and without you ever suspecting a thing until you come back from shopping to find your car's empty of valuables. Or simply not there anymore.
OnStar representatives claim protocols are in place to prevent viruses from corrupting the system, but while these have been successful so far, industry experts such as F-Secure's Mikko Hypponen point out that's no guarantee of perpetual invulnerability.
The Prius hybrid uses a unique, proprietary operating system called Symbian -- which may be the reason Cabir (which was designed to attack Microsoft-based systems) was unable to do any damage. But even a non-Microsoft proprietary system can be breached -- if a determined hacker figures out the code and evades built-in firewalls and defenses.
Cars are becoming exponentially more complex with each new model year -- with formerly high-end/niche technologies such as GPS navigation and communication systems becoming commonplace features on even modestly priced vehicles such as the Mazda3 and Ford Five Hundred. Wireless communication systems are growing in popularity, too -- with many new cars now offering hands-free integrated cell phones and some form of wireless communication technology such as Bluetooth. It's a near-certainty that drivers will soon be able to access their e-mails and even surf the Net while in their cars using technology built right into the vehicle.
These systems typically have an interface with a single control unit and display -- all of it tied into the car's general operating system -- which also controls the engine and many other components.
The average new car, according to IBM, already contains 20 individual processors to monitor and control various functions -- everything from the transmission's shift points to the operation of the climate control unit -- with about 60 megabytes of software code.
Given the inventiveness of traditional computer hackers, it's not unreasonable to imagine they'll eventually succeed at wreaking havoc with our increasingly high-tech cars -- causing owners some very expensive headaches.
The only real question is when -- and how much damage they'll be able to do.