A team of hackers working for McAfee want to see what they can do to keep cars hack proof so they are searching for electronic bugs that could make automobiles vulnerable to viruses.
Intel’s McAfee is just one company looking to protect the tiny computers and electronic communications systems built into today’s vehicles.
Security experts said automakers have failed to adequately protect these systems, leaving them vulnerable to hacks by attackers looking to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.
“You can definitely kill people,” said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit organization that helps companies analyze the potential for targeted computer attacks on their networks and products.
To date there have been no reports of violent attacks on automobiles using a computer virus, according to SAE International, an association of more than 128,000 technical professionals working in the aerospace and the auto industries.
Having said that, Ford officials told their security engineers to make its Sync in-vehicle communications and entertainment system resistant to attack.
And a group of U.S. computer scientists shook the industry in 2010 with a landmark study that showed viruses could damage cars when they were moving at high speeds. They did their tests at a decommissioned airport.
SAE International charged a committee of more than 40 industry experts with advising manufacturers on preventing, detecting and mitigating cyber attacks.
“Any cyber security breach carries certain risk,” said Jack Pokrzywa, SAE’s manager of ground vehicle standards. “SAE Vehicle Electrical System Security Committee is working hard to develop specifications which will reduce that risk in the vehicle area.”
The group of U.S. computer scientists from California and Washington state issued a second report last year that identified ways in which computer worms and Trojans could sneak into automobiles — via onboard diagnostics systems, wireless connections and even tainted CDs played on radios systems.
They did not say which company manufactured the cars they examined, but did say they believed the issues affected the entire industry, noting many automakers use common suppliers and development processes.
The three big U.S. automakers declined to say if they knew of any instances in which their vehicles suffered an attack with malicious software or if they had recalled cars to fix security vulnerabilities.
Automobiles are “computers on wheels,” security experts said. Vehicles have dozens of tiny computers known as electronic control units, or ECUs, that require tens of millions of lines of computer code to manage interconnected systems including engines, brakes and navigation as well as lighting, ventilation and entertainment.
Cars also use the same wireless technologies that power cell phones and Bluetooth headsets, which makes them vulnerable to remote attacks that are widely known to criminal hackers.