back to article McAfee: Cyber thugs will turn your car into Christine

Poorly secured embedded systems in next-generation cars create a way in for hackers, according to a new study by McAfee. Hackers may be able to gain access everything from the locks to car engines and more, according to a report titled Caution: Malware Ahead that looks at the emerging risks in car system security. McAfee, …

COMMENTS

This topic is closed for new posts.
  1. Blofeld's Cat
    WTF?

    Two thoughts...

    1) Antivirus software for cars? I really don't need a three second pause between my hitting the brake pedal and the stop lights turning on.

    2) Can someone please develop an app which will allow me to steer that car doing 45 mph in the middle lane, into the empty left hand lane.

  2. Graham Bartlett

    Tin-foil hats at the ready!

    "Researchers have demonstrated that critical safety components of an automobile can be hacked, given physical access to the vehicle’s electronic components."

    Well duh! Guess what, if I can get at your engine then I can give you a pretty good denial-of-service with a pair of wirecutters. Or I can nail the throttle half-closed and stop you getting any decent power, or I can nail it fully open and make you fail emissions regs.

    Feckwits.

    1. dr2chase

      No need to get to the engine.

      I direct your attention to the most-critical safety component, "brakes".

  3. A.A.Hamilton
    Meh

    If only

    "remotely unlocking and starting a car via mobile phone"

    I'll gladly give anybody a mobile phone if they can start my Marina on a damp morning, even with the key.

    1. Paul RND*1000

      With the size and heft of smartphones these days...

      ...I think you could use one to remotely open the windows of any vehicle from a reasonable throwing distance. Your wonky BL clunker^H^H^H example of fine British automotive engineering included ;-)

  4. Tim #3

    Hmm

    Tis important that they highlight these risks to ensure manufacturers start taking responsibiity for security. The potential rewards will be an enormous incentive for people to work out how to hack these systems.

    By the way, presumably examples of such attacks actually happening in real life will always be hard to find- when a car is stolen, who knows how it was stolen?

  5. Anonymous Coward
    FAIL

    "McAfee, which partnered with Wind River " - o'really?

    Would it have been appropriate to mention somewhere that both these companies are controlled (wholly owned?) by Intel ?

    Or did the press release not make that clear?

    1. Bill B

      Ownership

      Agree with the poster ... Intel provides the chips; Windriver provides the OS (either Linux or vxWorks .. probably Linux for an infotainment hub) and MacAfee provides the security expertise.

      And they all keep it in the same family

  6. Anonymous Coward
    Facepalm

    Car Crime The Old Fashioned Way

    Has McAfee got anything that prevents four masked thugs base ball batting you on the doorstep and taking your car keys by force ?

    Nope, thought not.

  7. Anonymous Coward
    Anonymous Coward

    Next generation cars?

    That stuff is already on the roads.

    And they only mentioned the obvious threats. My favourite more subtle one is tracking USAians by the RFID chips in their tyres. Much easier than ANR.

    1. Anonymous Coward
      Black Helicopters

      Whoa there boy...

      I think you forgot the Bacofoil and these instructions http://www.origami-instructions.com/origami-hat.html.

  8. Anonymous Coward
    Boffin

    time to exit the denial phase, guys.

    Sorry, I've a bit of a rant to get through here, having worked in precisely this field, and found very little acknowledgement of the longer term risks. This is not unexpected, newcomers to the field will always underestimate both the efforts and the rewards of exploiting weak computers.

    The point is that you only need one clever guy to crack the system, and his exploit can then be packaged and sold to all and sundry.

    The "reward potential" for a car is quite high, a sophisticated infotainment system will have all manner of passwords and accounts, phone numbers, possibly NFC (near field comms) e-payment details. This is not to mention any scam exploits - like putting a bogus, urgent fault on the car that directs you to the nearest "friendly" garage, where you are relieved of some money.

    At the moment the industry is in the denial phase, it looks like too much effort, on too variable a platform. Good points both of them, cost and risk vs reward are the fundamentals of "the crime equation", but they are on a collision trajectory, costs will fall and rewards will rise.

    I was a little disconcerted by The Reg's uncharacteristically poorly informed opinion:

    "interesting exercise by F-Secure a few years back singularly failed to infect a car via Bluetooth and we've not seen anything since to suggest that this has changed, even with advances in the sophistication of technology that might make such a scenario more feasible"

    I would recommend reading: http://www.autosec.org/pubs/cars-usenixsec2011.pdf

    Wherein the following passage appears:"We next assess whether an attacker can remotely exploit the Bluetooth vulnerability without access to a paired device. Our experimental analyses found that a determined attacker can do so, albeit in exchange for a significant effort in development time and an extended period of proximity to the vehicle.

    They go on to describe in detail what can be done, today. Read on....

  9. /dev/null
    Devil

    "we should all move back to wholly mechanical cars"

    Well, maybe not "wholly* mechanical, I think an alternator is an acceptable electronic device to have in a car. Maybe even a contactless distributor... But nothing more complicated or treacherous than that, thank you.

  10. squilookle
    Thumb Up

    Cyber thugs will turn your car into Christine

    Christine could repair her/itself if I remember rightly. That is a feature my car sorely lacks... I look forward to it.

  11. Anonymous Coward
    Pint

    Oh Jebus!

    McAfee sales are down again then? Sales down, stir up some unsubstantiated shite, frighten a few people and get our name in the press!

    What a load of wotnot!

  12. Anonymous Coward
    Facepalm

    If McAfee...

    ... can produce software that blocks blatant infomercials masquerading unconvincingly as news articles, then I'm all for it.

  13. Anonymous Coward
    Anonymous Coward

    Parasites calling wolf

    I think we are willing to accept there are security issues with embedded systems in vehicles, we just don't want to hear from a vendor of parasitic bolt on afterwards anti-virus packages. It's the developers of the systems that need to get the message on security.

  14. Anonymous Coward
    Anonymous Coward

    Surely it's not just me who thinks this is obvious...

    Haven't we already had exploits for the remote keys for some cars?

    The manufacturers of wireless gizmos for anything are notorious for getting security wrong, why should car systems be any different?

    I'm slightly surprised that there haven't been more attacks on remote car keys, except that, of course, bricks are still pretty cheap.

This topic is closed for new posts.