Your Car's Next Enemy: Malware

The increasing sophistication and network connectivity of automotive electronics will leave cars vulnerable to malware, McAfee says.
In the event you're insufficiently concerned about protecting your five- or six-figure automobile investment from clueless drivers, your own driving habits, and car thieves, feel free to inflate your paranoia further with fears of automotive malware.

While it may be early still to worry about surreptitiously placed hardware or software that's monitoring your in-vehicle handsfree calls or crashing code to crash your car, security companies are already preparing for the day that car buyers will opt for an automotive security plan.

McAfee, working with embedded software company Wind River and embedded systems security company Escrypt, on Wednesday published a report on the potential security issues that carmakers and car owners will have to confront in the years ahead.

"Caution: Malware Ahead" extrapolates from the work done by researchers at various universities on the vulnerabilities in automobile systems and concludes that the increasing amount of digital technology in vehicles will lead to security threats.

Citing a Frost and Sullivan estimate that cars will require some 200 million to 300 million lines of software code in the years to come, the report sees a rising level of risk.

"The increasing feature set, interconnectedness with other embedded systems, and cellular networking or Internet connectivity can also introduce security flaws that may become exploitable," the report states.

The report contemplates the possibility that cybercriminals may be able to remotely unlock, start, or disable cars via cellphone, track a driver's location, steal data via Bluetooth, or disrupt navigation or communication systems.

The basis for these worries is largely academic research that demonstrates vulnerabilities in car systems, through there have been a few actual car-related security exploits of note.

For example, a disgruntled former employee of a Texas car dealership was reportedly able to gain access to the dealership's remote vehicle immobilization system and misuse it to make customers' car horns honk and also alter car lease records to give the vehicles to deceased rapper Tupac Shakur.

While such concerns may take a backseat to more immediate automotive worries--like those who text and drive at the same time--they shouldn't be dismissed as industry fear-mongering, at least not entirely.

"Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer," said McAfee SVP and general manager Stuart McClure in a statement. "It's one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety."

See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.