Your Car's Next Enemy: Malware

The increasing sophistication and network connectivity of automotive electronics will leave cars vulnerable to malware, McAfee says.

Thomas Claburn, Editor at Large, Enterprise Mobility

September 7, 2011

2 Min Read

In the event you're insufficiently concerned about protecting your five- or six-figure automobile investment from clueless drivers, your own driving habits, and car thieves, feel free to inflate your paranoia further with fears of automotive malware.

While it may be early still to worry about surreptitiously placed hardware or software that's monitoring your in-vehicle handsfree calls or crashing code to crash your car, security companies are already preparing for the day that car buyers will opt for an automotive security plan.

McAfee, working with embedded software company Wind River and embedded systems security company Escrypt, on Wednesday published a report on the potential security issues that carmakers and car owners will have to confront in the years ahead.

"Caution: Malware Ahead" extrapolates from the work done by researchers at various universities on the vulnerabilities in automobile systems and concludes that the increasing amount of digital technology in vehicles will lead to security threats.

Citing a Frost and Sullivan estimate that cars will require some 200 million to 300 million lines of software code in the years to come, the report sees a rising level of risk.

"The increasing feature set, interconnectedness with other embedded systems, and cellular networking or Internet connectivity can also introduce security flaws that may become exploitable," the report states.

The report contemplates the possibility that cybercriminals may be able to remotely unlock, start, or disable cars via cellphone, track a driver's location, steal data via Bluetooth, or disrupt navigation or communication systems.

The basis for these worries is largely academic research that demonstrates vulnerabilities in car systems, through there have been a few actual car-related security exploits of note.

For example, a disgruntled former employee of a Texas car dealership was reportedly able to gain access to the dealership's remote vehicle immobilization system and misuse it to make customers' car horns honk and also alter car lease records to give the vehicles to deceased rapper Tupac Shakur.

While such concerns may take a backseat to more immediate automotive worries--like those who text and drive at the same time--they shouldn't be dismissed as industry fear-mongering, at least not entirely.

"Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer," said McAfee SVP and general manager Stuart McClure in a statement. "It's one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety."

See the latest IT solutions at Interop New York. Learn to leverage business technology innovations--including cloud, virtualization, security, mobility, and data center advances--that cut costs, increase productivity, and drive business value. Save 25% on Flex and Conference Passes or get a Free Expo Pass with code CPFHNY25. It happens in New York City, Oct. 3-7, 2011. Register now.

Read more about:

2011

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights