|
 |
 |
|
Study finds car computers vulnerable to viruses, hijacking
As cars are becoming more computerized, they are also becoming more susceptible to viruses, a study released this month found.
The report, from the University of California San Diego and the University of Washington's Center for Automotive Embedded Systems Security (CAESS), argued that "[M]odern automobiles are pervasively computerized, and hence potentially vulnerable to attack."
The group found that cars are becoming more vulnerable to attacks from external remote-controlled devices, such as Bluetooth headsets and GPS tracking.
"A modern automobile is controlled by tens of distinct computers physically interconnected with each other via internal (wired) buses and thus exposed to one another," the conclusion of the CAESS report says. "A non-trivial number of these components are also externally accessible via a variety of [input/output] interfaces.
The CAESS said its report focused on a "moderately priced sedan."
"We iteratively refined an automotive threat model framework and implemented complete, end-to-end attacks along key points of this framework," the authors wrote. "For example, we can compromise the car’s radio and upload custom firmware via a doctored CD, we can compromise the technicians’ PassThru devices and thereby compromise any car subsequently connected to the PassThru device, and we can call our car’s cellular phone number to obtain full control over the car’s telematics unit over an arbitrary distance."
The group added a disclaimer that "many of the specific vulnerabilities identified in this paper have or will soon be addressed."
The full CAESS report can be read here.
