Wednesday, August 17, 2011

Realtime Hacking of Your Car

An article in Popular Science on DOT Mapping Out a Plan to Protect Cars From Cyber-Attacks started me looking at this.

FedBizOpps.Gov has the following RFI on their website:

Cyber security and Safety of Motor Vehicles Equipped with Electronic Control Systems

 2.0 Background. Information and electronic technologies are being increasingly used to enhance transportation safety and efficiency - resulting in increasingly complex, cyber-physical systems, and new failure modes and mechanisms that are not well understood with respect to safety hazards and security vulnerabilities. 

The USDOT is collecting relevant information to characterize needs and establish a strategic research roadmap to meet the rising challenges of ensuring the safety of automotive safety-critical systems due to increasing complexity of motor vehicle systems using advanced electronic controls to improve drivability, safety, efficiency, and operational reliability; escalating use of information technology in motor vehicles to enhance basic and secondary vehicle functions and to enable infotainment applications; and wireless connectivity to in-vehicle systems, between vehicles and external information networks, and among vehicles. 

Essential information and insights are sought as input to strategic decisions about next research steps and justifying initiatives relative to research possibilities as well as revised approaches to regulation, enforcement, incident/forensics, vehicle testing, communications/outreach/professional capacity building, or recommended electronic hardware/software systems architecture and engineering design safeguard principles and/or practices, including human factors and training considerations.

This looks like a very interesting and extremely important RFI.  Here is an interesting article by ABC News on:

Scientists Hack Into Cars' Computers -- Control Brakes, Engine

The following got my attention in the article:

  "Vehicle manufacturers and third-party systems are increasingly using wireless networks as a cheaper means for connecting to Electronic Control Units (ECUs) – the computer brains behind braking, engine, and locking mechanisms along with other systems. A typical luxury sedan today may use more than 100 megabytes of computer code spread across 50 to 70 ECUs, researchers say."

1 comment:

  1. The ABC News article required some dramatic license. Intercepting the tire pressure monitoring "eventually wrecked the internal computer". What does "wrecked" mean? It didn't say it wrecked the car. And they _physically_ connected to the car's computer to control the brakes and engine. A radio-controlled battery disabler might crash a car but (admittedly) leaves some evidence of tampering.

    I concur that the TPM signals probably amount to a 'fingerprint' for a car, and solving similar problems may be hard. OTOH, crashing a car while driving alongside it is as cheap as a Smith & Wesson.