A GROUP of hackers in the United States has called on car-makers to start ranking vehicles according to how well they stack up against the threat of electronic attack.
I am The Cavalry, a group of altruistic hackers concerned that the pace of technology is outstripping our ability to secure it, has presented a paper to the annual Defcon computer security conference in the US calling on a star rating system similar to the one used for crash safety to rank cars according to how resistant they are to cyber-attack.
“Modern cars are computers on wheels and are increasingly connected and controlled by software,” the group said.
“Dependence on technology in vehicles has grown faster than effective means to secure it.” The paper, presented before the world’s best computer security experts, says researchers have already demonstrated that cars were vulnerable to “accidents and adversaries over more than a decade”.
“Malicious attackers, software flaws, and privacy concerns are the potential unintended consequences of computer technologies driving this latest round of innovation,” the paper says.
“The once distinct worlds of automobiles and cyber security have collided.
“In kind, now is the time for the automotive industry and the security community to connect and collaborate toward our common goals.” The group has asked car-makers to open their vehicles up to hackers as part of the five-star scoring system.
Under the proposal, cars will be ranked on how safe the computer-aided systems are, how well they stack up against peer scrutiny, their ability to log incidents and help with problem-solving, how easily the in-car software can be updated to fix a security hole, and how well they ensure that critical systems such as braking are separated from non-critical systems such as the car’s radio.
Last year, a pair of security engineering students was able to hack into a Ford Escape SUV and Toyota Prius hybrid hatchback and take over most of the car’s electronic systems.
They were able to take control of critical systems including the brakes and accelerator pedal, and even turn the steering wheel via remote control.
The aim of that research, paid for by the US-based Defense Advanced Research Projects Agency, was to determine if cars did have any security loopholes that could allow hackers to take control.
However, the cars hacked in the study both needed to be connected to a laptop, and could not be hacked remotely.
Vehicles are increasingly becoming as connected as a mobile phone as car-makers add real-time functionality to the in-car systems, such as live weather and traffic updates.
Some have now even become wireless internet hubs, allowing multiple devices to connect to them.