The modern car is no longer simply a way to get around. It has become a complex network of computerized units, from anti-lock brakes to remote starters, self-parking technology and more. Quite literally, the computers are in control, which could have serious consequences down the line if we don’t think ahead about how to secure these embedded systems.
The security implications of these new technologies are extensive, and just now beginning to come to light. At a car dealer in Texas early last year, a disgruntled former employee was handed felony charges for using another employee’s password to gain access to the firm’s GPS system. With it, the man was able to wreak havoc on the firm’s customers, setting off car alarms and disabling vehicles remotely until he was tracked down.
While this example resulted in minimal damage, researchers are increasingly concerned that if manufacturers don’t address these vulnerabilities now, attacks will only continue to increase. It’s only a matter of time before we see criminals exploiting security weaknesses to remotely open car doors, or track vehicles using RFID tags. Remote access starts to get really scary when you think about it on a larger scale – imagine a terrorist group speeding up cars or locking brakes during your daily commute over the Golden Gate Bridge.
Any electronic system is at risk, and automakers and regulators need to address this threat now before it moves too far away from the hypothetical. Security regulations should be set in place for these embedded devices, with standards that combine both hardware and software solutions. For example, isolating a car’s entertainment system from safety-critical devices, preventing someone from inserting a CD that could send a signal to the brakes.
The future is not as far away as we think, and here at McAfee, we are building secure silicon for embedded solutions in an effort to make sure these systems continue to hold consumer confidence. For more information on this topic, check out my video interview with CBS, and be sure to read our whitepaper on emerging risks in automotive system security. We also update our followers regularly on Twitter at @IntelSec_Biz, where you can find the latest in McAfee news and events.