You are on page 1of 4

tephen King's 1983 horror tale Christine tells the story of an evil car with a mind of its own

. While we know that automobiles aren't possessed by supernatural forces (Ok, I once had a smokespewing Mustang which I still have my doubts about!), today's vehicles definitely have minds of their own.
They're filled with computer technology. Just when you thought you' d
heard the worst about the Internet., now a llen communicates to other systems, including by Bluetooth to yo ur ce ll pho ne, and the thefl. deterrence mod ule, which prevents the car from starting wimout a valid key and code. There is, to mix metaphors, a boatload of tech in your car. As you can sec, computers control some very critical systems, including engine perfonnance, brakes, and transmission. If a hacker could gain access to these systems bad mings could be made to happen. Likewise, computers also tm.l1smit sensor data (like tire pressure) and irthe sensor data could be altered so internal safety systems are effectively fed false data, bad thin gs could al so happen . Imagine, forexample,jusl how dangerous it would be if an airbag inflated sudden ly wh ile driving along the highway at 75mph. For anomer example, imagine if the brakes were frozen at a particular time, or if the throttle cou ld be forced to change while driving. I know you're thinking one ming: Sync talks to my phon e throug h Bluetooth, and then the phone talks to various Internet services through the cellula r connection. Various diagnosis and help services (OnStar is a good example) also have cellular connections to a vehicle. Whil e current vehic les provide mostly communication and entertaimnent services over Bluetoo th and th e cellular network, so me diagnostic and control data is provided via specialized services. Sync, for example. provides a vehicl e diagnostics repon back to Ford for each Sync-enabled vehicl e where the feature is turned on. In the future, we can expect some vehicles to not only send diagnostic information out of the car, but also get adj ustment data back from onlinc services. How many times have you turned on your PC and Mac, or even your Xbox 360 o r PlayStation 3, and been instructed tl13t an update needs to be installed? We can fu lly expect that vehicle pcrfonnance tweaks may be made remotely, either in response to fucl econo my measures or simply as stepwise improvements for vehicle functionality. These updates could, in theory, be hackable - either through the cellular network or through a form of Bluetooth sniping (long-range directed Bluetooth network access). Making damaging changes to internal vehicle metries remotely would be simi lar to inflicling a computer virus on a personal computer. The research team con fined the bulk of tllcir experiments to OBDII access. What they found was disturbing: We detennined that someone with access to the intern a l network in the car could use his or her own computer equipment to take over a broad array o f safety-critica l com put er systems.

For exa mpl e, in li ve road tests, we were able to forcibly and completely disengage the brakes wh ile driving, making it difficult for the driver to stop. Conversely, we were able to forcibly acti vate the brakes , lurc hing the driver forward and causi ng the car to stop suddenly. To be fair, the researches don't claim mat drivers today are at serious ri sk. In order for an attacker to cause hann, he or she must - at some point - have physical access to the inside of me vehicle. In addition. the programming necessary to compromise vehicle systems requires some level oftcchnical sophisticat ion. So, what's the bottom line? A re we at risk or not? And w hat are the counterterrorism considerations? Right now, most dri vers are far more like ly to get hurt because they' re talkin g on th e ir phones o r texting their frie nd s th an they are because their intern al veh icle co mputer sys tem s have been compromised. There 's no need for current dri vers to worry. But, if the tc ndency to connect everything to our communication s grid continues, then we may see comprom ised vehi cular system s o n a wider sca le. It is, however, important to continu e to remain vigilant abo ut physical security. Just as it's poss ibl e to attach a bomb to the bottom of a vehicle, damage brake lines, or otherwise cause harm through physi ca l access, it has now been proven possib le to cause delayed and carefully timed damage to a vehicle and it s occupants throu gh its internal computer network.

cyberterrorism. and dastardly digital deeds, now there's a new threat: car hacking. A tcam of researchers at the University of California San Diego and the University of Washington. working under grants fro m
the National Science Foundation, delennined that modem cars can be subject (0 devastating digital attacks. If you've ever opcncd the hood ora car built in the 19605 and onc built

today, you'd see a vast diffcrencc. A

talented gearhead can work on a car

from the 1960s without specialized tools from the factory, while a modem car requires a lot of spec ialized

gear and, of particular nOle, a laptop. Modern cars are co ntrolled by

digital systems. These car computers have a real benefiL TIley make cars safer to drive and morc fu el effieienl

You may not realize just how much computer technology is in your car. Digital tech includes an engine control module that adjusts fuel and ignition timing, the brake contro l module that controls your anti-lock brakes and manages the pump malar and values and regulates hydraulic pressure, the transmission control module that senses vehicle performance and changes gean;, the body con trol module which provi des information to the driver and divides internal vehicle networks, the telematics module which allows remote cellular communication to the car,the remote-control door lock receiver which locks or unlocks your doors (and gets tire pressure data wirelessly from tire-monitoring sensors). the heating, ventil ation, and AlC which con trol s the car's cabin environment, the innatable restraint sens ing and diagnosis module, which controls you r car's airbags and seatbelts. the instrument cluster. which provides the driver with vehicle information, the car's radio/entertainment system, which

''Gee, Dave, that's all well and good,

but my car isn' t connected to me Intemel" You'd be right about that - son of. There are two ways to gain access to the pervasive computing infrastructure inside a car. The first is with a federally-mandated access port ca lled an OBD-Il (onboard diagnostics) pon. This is a small jack located under the dashboard of most vehicles which provides complete access to the car's internal networks. This is the way the UCSD and Univ. of Washington researchers tapped into thcir car's network for intrusion experiments. But more and more cars are connected to the outside world through various wireless connections. My Ford EsC.1PC, for example, has the Microsofl. Sync system install ed.

About the Author

Dt::nidGelITrtz iYdin!ctorofdre StraJegic PtnpeCtn>e IuSlilllle and edilor-i,..cJII"ejof tIre ZAIZ techl1ical maga:ines. fie regularly \I n"Jes rommelllary aud ana/ysiYJor CAWs


Andersoll Cooper 360, and has writ/ell more than 700 articles abolll recJmolog}! David is a fom1f!r prof ssor oj complller e science, has lecMm at Priuceton, lJerl;eley. UCL4. and S/wYord. has beel! (llIrurJeti the 1JfT!'Sligiolis Sigma Xi Research Award ill Engineering. alld was a COlldidaJe for tire 2008 Pulitzer Prize ill LelleN, He is Ihe Cyoeruwjare A(Msor forlACSl'