A new report from McAfee, in partnership with Wind River and ESCRYPT, examines risks associated with cybercriminal activity targeting car electronic systems, such as remotely unlocking and starting the car via cell phone, disabling the car remotely, tracking a driver’s location, stealing personal data from a Bluetooth system, disrupting navigation systems, and disabling emergency assistance.
“As cars add increasing amounts of BlueTooth capabilities, so that you have wireless conversations in our cars, or as we get connected through various cellular communications systems…these become devices that, while they create great convenience, can also be susceptible to attacks”, said Tim Fulkerson, senior director of marketing for McAfee Embedded Security.
The report noted that researchers at several universities have demonstrated that critical car safety components can be hacked if physical access to electronic components is available. Other researchers have shown that an attack can be mounted through a car's tire pressure monitoring system to track the car and compromise passengers’ privacy by tracking the RFID tags using long-distance readers at around 40 meters.
“As we move into this world where so many parts of our lives are going to have increasing amounts of devices that are computerized and connected…we need to be thoughtful about ensuring that these things are secure”, Fulkerson told Infosecurity.
Chris Burger, senior director of product management and marketing at Wind River, explained that one attack vector could be to hack into the car's WiFi system. “If there is a WiFi system in the car, it is conceivable that someone could hack into that and then into the IVI system that might be controlling functions of the car, such as the car lock status or the ignition”, he explained.
Citing Frost and Sullivan estimates, the report said that a car will require 200 million to 300 million lines of software code in the near future. “The increasing feature set, interconnectedness with other embedded systems, and cellular networking or Internet connectivity can also introduce security flaws that may become exploitable”, the report warned.
“The ever-growing number of embedded systems and integrated communications in modern automobiles have provided the convenience and personalization that consumers crave. But 10 years from now, will these same systems continue to hold consumer confidence, or will they quickly become another avenue for malware and breach of privacy data?”, the report concluded.