A few months ago, researchers with the University of Washington and UC San Diego released a paper detailing their "Experimental Security Analysis of a Modern Automobile". It presented a dark story where the electronic components of a vehicle, given the right access and know-how by a motivated individual, could program events to occur from the benign (windshield wipers come on when you reach 20 MPH) to the homicidal (disable brakes and ignition over 80 MPH). It even proposed that with newer vehicles self-parking capabilities, it might be possible for steering to be arrested from the driver. If there was a silver lining it was felt that the individual hacking the device needed physical connectivity in order for the exploit to be realized. There was some indication that with weak Bluetooth security it might be possible to use that as an access vector but nothing was firmly tested.
Now, another method of wirelessly accessing your vehicle has been exposed by researchers at Rutgers University. In a paper being presented this week at the USENIX Security Symposium, tire pressure monitoring systems (TPMS) are gaining quite a bit of attention. Most people are likely unaware that all new cars in the US have been required to have a wireless tire pressure monitoring systems since 2008. The paper explains that with relatively inexpensive equipment, researchers from up to 120 feet away could obtain wireless data from the sensors, spoof it, and then send it back to the car with inaccurate data while traveling 65 MPH. While the data that was spoofed was merely enough to make the tire pressure light on the car's dashboard display incorrectly, it signals a potential foothold for wireless attacks by nefarious individuals. At, once again, it shows a serious lack of foresight by product manufacturers to account for ways that their systems could be gamed.
Each and of themselves, the threats have limited play. However, when they become combined (and what would make anyone think otherwise?), the results could be extremely dangerous. Automakers need to review how they approach the security architecture of our vehicle's internal devices now, before a flashing light on your dashboard turns into a stuck accelerator or worse…
Comments