Advanced cars: Are they a threat or a blessing?

15 11 2011

by Fahad Alkhowaiter

The more technology we introduce, the easier our lives becomes. However, this comes with the complexity of how to properly use such technologies. For example, nowadays you notice the use of keyless cars became popular. It is really convenient to open the door and start the car without having to pull out your keys. However, this same technology might make it easier for thieves to break into your car in non-invasive way.  For example, researchers were able to access cars and drive them away by replaying the signals between the keys and the car after copying those signals from the original key. They only needed to be in the right distance from the keys! Of course, no protocol or cryptography can prevent this attack (Erica Naone: Technology Review)

This is really trivial if you learned that researchers from University of Washington and the University of California at San Diego were able to disable breaks, engines, and lock passengers inside their cars remotely. Not only that, they managed to erase any evidence of their existence after crashing a car (Dennis Fisher: Threat Post). Although the risk of doing such attack is very low due to its complexity, but no one can tell what a group of bad people can go for to execute criminal activities. In addition, there might be ways to exploit vulnerabilities that are not discovered yet.

The coming new trend of cars will be linking cars together with a technology similar to peer to peer called V2V, Vehicle to Vehicle. So in the near future, cars will be communicating with each other on the road. There are so many uses for such cool feature that will make a difference to our driving experience. For example, if my car can obtain the speed of the car in front of me, and then the driver of that car hit the break instantly, then my car can react by its own to prevent an accident (Wayne Cunningham: CNET).  “Quoting a study by the National Highway Traffic Safety Administration, GM says vehicle-to-vehicle and vehicle-to-infrastructure communication systems could help avert nearly 81 percent of all U.S. vehicle crashes.” (Darren Quick: gizmag). Averting 81% of accidents is for sure significant in the road safety. Thus, we need to implement this solution securely to make sure that the V2V project reaps its positive affects. Lets say that attackers managed to configure their cars to send false information to other cars, like making other cars react to avoid a false accident to cause real accident. Such attack can create a mess and cost lives. This might make people lose faith in the V2V and render such good solution unusable because no one would buy V2V cars.

The bad affect of advanced cars might range from small affect like simply violating individuals’ privacy to more serious situations like attacking a whole nation. For example, networked cars can be utilized to conduct a large-scale terrorist attack! Imagine turning off all Ford cars due to vulnerability in their system in rush hours! This is a serious threat that needs to be looked at and evaluated seriously before starting to utilize this technology. Hacking is not the only threat, political issues might also play a role. For example, Toyota is one of the most popular car sellers in the world. Lets assume that Japan suddenly had political problems with another country.  Then with networked cars, Japan might have the ability to shutdown all Toyota cars remotely and suddenly in that country, which for sure will cause chaos.

At this era, there is no escape of having advanced networked cars in the short and long run. The needs for services that come with those advanced networked cars are high.  Thus, we need to try our best to secure networked cars and manage the risks that comes with such technology. Research to secure networked cars should be funded and taken car of by all levels. It is to the best interest for both governments and manufacturers to ensure those cars are secured.  With no proper security to networked car, national security can be violated and cars manufacturer’s reputation can be damaged. In addition, each government should create security standards to test any new advanced networked car against to make sure they are safe to the level they accept.

Proper risk management tools needs to be used too. Through risk management, vulnerabilities, threats, proper controls and residual risk will be identified. The following is a simple example of minimizing the risk that comes with keyless exploit. The keyless exploit can be prevented by educating the car owners to shield their keys when they are not in use to prevent attackers to catch the signals. Another solution is, to add a button to the car remote to turn it on and off. In this way, customers should not turn the remote on except when needed which will minimize the chance of the exploit (Erica Naone: Technology Review).

Using advanced networked cars will add so many nice features. However, manufacturers and governments need to study each feature carefully to make sure proper risk management has been conducted. Moreover, government should develop testing standard before approving any networked car to be driven. Last but not least, continuous security enhancement research must be supported.