How Safe Will Cars Be From Computer Viruses?
(Originally published in 2009)
The Four Wheel Drift from Apex Marketing Strategy
With all the computer-based technology in a modern car, how long will it be before hackers find an "in"?
Two nights ago my wife yelled for me from her home office. Unfortunately, a computer virus had infiltrated her notebook PC and had taken over the whole system.
Like other pediatricians, she has been working long hours due to the nasty spread of H1N1. Ironically, standing in the way of her dictating the huge stack of patient charts was an entirely different type of destructive virus.
As some loyal readers know, I was a tech geek long before I was an automotive writer. I was first exposed to computer viruses in the late 1980s when my high school became the first in the world to get hit with a system-wide virus -- the dreaded nVIR, which took down the school’s fledgling Mac network. After college, I ran the business and technical operations of an early Internet provider, Cyberspace.com, which in 1995 provided me the opportunity of working in cooperation with the FBI Computer Crimes Division in an attempt (make that “failed attempt”) to apprehend one of the world’s most wanted hackers and phreakers (one who hacks telecommunications networks and phone systems). I also later worked in product management and marketing for web, system management and security software companies.
Ridding computers of malware (the name for malicious software: viruses, worms, adware, etc.) is very similar to fixing problems with a car. One simply tries to methodically isolate the symptoms and problems. It is generally a tedious process, but with a great sense of accomplishment when the system is returned to good working order.
Just like with automotive technology, computer viruses have become far more advanced and complex. I marveled at this specific virus’ ability to lock out Windows' Task Manager and Registry Editor functions, prevent .exe files from running, and elegantly block any web site with a single mention of an anti-virus software application name.
In the midst of running a scan at roughly 1:30AM, my train of thought segued from hacking computers to cars. I chuckled with the memory of a friend wiring a Miata's brake light circuit to its horn, so when the owner stepped on the brake pedal the horn blew.
Then my stomach sank.
It occurred to me that the day when an elegantly-designed, yet very malicious virus targeted towards cars and trucks is far closer than anyone has seemingly acknowledged. I’m not a big fear monger, but there is a plausible scary future based on the realities of the past and present.
Hackers and virus designers utilize two elements to work their evil magic: a host (a vulnerable system) and access (the ability to remotely install software to said host system). As for the former component, cars have been developing as host systems since the ECUs of electronic ignition and fuel injection systems replaced points and carburetion in the 1980s.
When the 1997 C5 Corvette first appeared, it did so with more onboard computers than the first NASA Space Shuttle. All of these computers working to manage the C5 were essentially closed systems with access available only via a mechanic’s scanners…and largely cars today are in a similar situation, at least for the most part. While scanners do have downloadable updates, the manufacturers ensure that these are also fundamentally closed systems.
The biggest gift to hackers in terms of access is the Internet. By web-enabling cars and trucks to upload and download data from the ‘Net, sick-minded hackers are given a key to create mass vehicular chaos.
Let’s face it -- the worst thing that can happen to your home computer is that all the data is erased. All one needs to do is have a creepy imagination to see the infinite opportunities automotive hacking has for wreaking far greater damage on daily life.
In terms of potential global impact, the difference in magnitude between hacking personal or business computers and automobiles is huge...like Hootie and The Blowfish versus The Beatles.
New vehicles feature drive-by-wire throttle control, computer-managed variable ratio steering, software-driven transmissions, data-processing for stability control (yaw, ABS braking and traction control), and on-the-fly manipulation of fuel, spark and air induction. If these systems were to be insecurely tied -- even indirectly -- to a seemingly innocuous web-enabled process, any or all systems could be hacked and reprogrammed with a virus created by a guy sitting in his parents’ basement with a couple of computers littered with stacks of empty pizza boxes and Mountain Dew bottles.
Imagine a virus that sporadically reversed your car's drive-by-wire gas pedal to make wide-open-throttle at the standard idle position. Maybe someone’s idea of “funny” would be to constantly vary the variable ratio steering or deploy all the airbags given a certain odometer reading. My nightmare, though, is that a hacker would write a virus to utilize throttle position data and stability control to simply speed a car up, apply one brake and disable all airbags to ensure a catastrophic collision.
How much web-enabling is enough to open Pandora’s Glovebox? I have no idea. Since manufacturers are already touting in ads the ability for cars to send emails to dealers and text to owners when service is necessary, the window of opportunity seems to be opening. If I were a betting man, I’d guess that the moment one can browse the web or check email via a factory-installed navigation system, the games will be on.
I hope I’m wrong. Maybe the worst thing that will happen is that navigation systems in all Dodge Chargers will instantly and permanently display the locations of all Hooters restaurants in the US. Of course, given that model's ownership demographic, this would probably be considered a well-appreciated benefit.
The FBI Computer Crimes guru once told me that this topic boils down to a challenge about time resources. There are thousands of lonely people spending twenty hours seven days per week trying to hack software. In the best case scenario, however, the corporate software engineers are only working eight to twelve hours Monday through Friday to prevent hacks.
Maybe I’m a cynic, but I don’t trust that auto manufacturers right now are taking to heart the old precept: hope for the best, plan for the worst.