A 14-year-old boy has stunned the automotive industry by showing how to hack into connected cars with apparent ease.
Armed with only $15 of simple electronics gear
he bought from RadioShack, the boy was easily able to unlock and start a
connected car. The make of vehicle that was breached has not been
revealed, but it is said to be one of the larger brands.
The news has been described as a “pivot moment”
in car security, and is of great concern to the automotive industry,
which is investing heavily in designing and building connected and even
self-driving cars. Such vehicles will inevitably become the norm in the
coming years as people look for safer driving experiences – with their
cars connected to local infrastructure such as traffic signals and
emergency services – but security concerns only seem to get worse.
The 14-year-old boy, who has not been named,
built his own circuit board overnight. The next day, the boy was able to
easily hack into the car, and unlock its doors and remote-start the
engine. He also set the wipers going and was able to make the car play
music from his mobile phone. Just to press the point, he then flashed
the headlights to the beat.
The hack was part of a cyber security competition run by nonprofit research and development organization Battelle.
Dr Anuja Sonalker, lead scientist at the
organizaton, said this was a “pivot moment”, according to the Auto Blog.
She added: “For the automakers participating, they realised, ‘Huh, the
barrier to entry was far lower than we thought’. You don’t have to be an
engineer. You can be a kid with $14.”
The automotive and technology industries are
investing heavily in connected cars. Last month, Ford opened a huge
dedicated factory in Silicon Valley, Google is also investing
extensively on developing self driving vehicles, and Apple is rumored to
be developing an electric car. Security is becoming an ever wider issue
in the industry, and hacks have also been demonstrated on a Chevy
Impala and BMW in recent weeks.
The most critical threats to connected cars are
intrusions, fraudulent warranty claims, safety and theft, as well as
malware, full data injection, misbehavior, and driver data leakage,
according to Sonalker.
Earlier in the month a vulnerability with BMW's Connected Drive was exposed, which has since been fixed.
Recently a vulnerability with BMW's Connected Drive affecting 2.2M vehicles was exposed.
She describes full prevention as “mission impossible” and argues instead that effective threat management and minimizing the resulting damage is crucial. For this, better standards and detection systems, as well as cooperation between government and different manufacturers, is crucial.
She describes full prevention as “mission impossible” and argues instead that effective threat management and minimizing the resulting damage is crucial. For this, better standards and detection systems, as well as cooperation between government and different manufacturers, is crucial.
“We may not get it right the first attempt,” she
said at a Center for Automotive Research presentation last week, “but
the first comprehensive multi-party attempt is the right approach.”
The threat does not stop at cars, Sonalker said, according to a report
in the Detroit Free Press. A hacker could move from a connected vehicle
to the power grid, or police and fire networks. One key to security in
that situation will be to quickly isolate hacked vehicles from the
network.
Read More
No comments:
Post a Comment