Protect your car, data from hackers - Off Duty, Automotive - Navy Times

Protect your car, data from hackers

In a late-model vehicle, an onboard computer -- the "ECM," or Electronic Control Module -- controls everything from basic engine operation to when and how firmly the transmission shifts.

The average new car, according to IBM, contains 20 processors to monitor and control functions -- with about 60 megabytes of software code. Many late-model cars also have onboard (and computer-controlled) navigation and communication systems that interface with cell phones, personal digital assistants and even the Internet, allowing drivers to send and receive e-mail from their vehicles.

A growing concern is that this electronic back-and-forth with the outside world -- via wireless communication technologies such as Bluetooth -- could allow a hacker to access a vehicle's onboard systems or make them vulnerable to computer viruses. Some of these in-car systems are based on a version of Microsoft Windows software -- the same basic operating system being hacked into every day in the online world. BMW's iDrive interface, for example, uses a "mouse" on the car's center console to control a menu of in-car operations.

Bluetooth short-range wireless communication technology enables drivers to access cell phone-based address books via their in-car phones -- and is becoming a common feature available on many new vehicles.

Researchers with the Finnish computer-security company F-Secure tried to introduce multiple versions of the Cabir virus -- a worm released in 2004 that targeted cell phones and PDAs -- into a Toyota Prius via Bluetooth.

The good news is, nothing happened.

"No matter what we did, the car did not react to the Bluetooth traffic at all," said F-Secure's Jarno Niemela. Researchers weren't even able to get the Cabir virus into the car's operating systems when they used a program designed to transfer the corrupted file.

The bad news is that many computer experts (including those at F-Secure) believe the nature of onboard technology makes it as vulnerable as any desktop computer, laptop, PDA or smart phone connected to, or that communicates with, the online world -- especially the wireless online world.

F-Secure's director of anti-virus research, Mikko Hypponen, said "computers are listening to radio traffic all the time. Even though you can safeguard a [wireless network] with a firewall and can turn Bluetooth to hidden mode, if you have a weakness in the wireless network or Bluetooth driver, the weakness can be exploited."

To date, the threat posed by hackers and viruses has been limited to desktops, laptops and PDAs/cell phones using wireless technology -- or which are connected to the Internet -- where viruses are a constant source of worry. But the technology finding its way into cars is not fundamentally dissimilar. (The Prius, for example, uses a proprietary form of Microsoft CE called Symbian.)

GM's popular OnStar concierge/ communication system also uses cellular and Global Positioning System technologies to perform multiple functions -- everything from real-time directional and roadside assistance to help find a gas station to unlocking a vehicle's doors remotely if the owner accidentally leaves the key in the ignition when closing the door. And it does all this using wireless networks.

If a hacker manages to penetrate the OnStar system, he might be able unlock your car's doors, pop the trunk or maybe even start the engine. And he could do this all without a key -- and without you ever suspecting a thing until you come back from shopping to find your car empty of valuables, or simply not there.

OnStar representatives say protocols are in place to prevent viruses from corrupting the system. While these have been successful, industry experts such as Hypponen point out that past success is no guarantee of perpetual invulnerability. The technology is so new that the bad guys probably haven't gotten around to it yet.

Firewalls are essential

So what can you do to protect yourself -- and your car?

Experts say the same security protocols one would deploy to keep a laptop or PDA secure apply to in-car systems. In all cases, it is wireless traffic that is easiest to intercept -- and which serves as the "bridge" across which viruses could enter your vehicle's systems. Such services should therefore be used only when your system has the latest firewalls built in. If you keep your laptop, PDA or smart phone secure, it will be that much harder for a would-be hacker or a virus to make its way from these devices into your vehicle.

Given the inventiveness of traditional computer hackers, however, it's not unreasonable to imagine they'll eventually succeed at wreaking havoc with our increasingly high-tech cars -- causing owners some expensive headaches.

The only question is when, and how much damage they will be able to do?

Eric Peters is an automotive columnist who has covered the auto industry since 1992. His work has appeared in the Wall Street Journal, Detroit Free Press and Detroit News, among other publications. E-mail him at Epeters952@aol.com.