By JOHN MARKOFF, New York Times
Automobiles, which will be increasingly connected to the Internet in the near future, could be vulnerable to hackers just as computers are now, two teams of computer scientists are warning in a paper to be presented next week.
The scientists say that they were able to remotely control braking and other functions, and that the car industry was running the risk of repeating the security mistakes of the PC industry.
“We demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on,” they wrote in the report, “Experimental Security Analysis of a Modern Automobile.”
In the paper, which will be presented at a computer security conference next week in Oakland, Calif., computer security specialists at the University of Washington and the University of California, San Diego, report that while modern cars have extensive safety engineering in the design of their computer control systems, little thought has been given to the potential threat of hackers who may want to take over the networks that increasingly control modern cars.
“We noticed the extent to which automobiles were becoming computerized,” said Stefan Savage, a computer scientist at U.C.S.D. who was a member of one of two groups that have been studying the electronic control units of two different cars to look for network vulnerabilities that could be exploited by a potential attacker. “We found ourselves thinking we should try to get in front of this before it suddenly becomes an issue.”
The researchers, financed by the National Science Foundation, tested two versions of a late-model car in both laboratory and field settings. They did not identify the maker or the brand of the car, but said they believed they were representative of the computer network control systems that have proliferated in most cars today.
Full story at http://www.nytimes.com/2010/05/14/science/14hack.html