Talking cars: the next hacking target

June 10, 2014: 1:01 PM ET
Mulally on car tech: Safety vs. privacy
NEW YORK (CNNMoney)

In the near future, your car will be equipped with life-saving computer software that can prevent accidents. But that technology also creates a major opening for cyber terrorists.

The U.S. government in the next decade will require vehicle-to-vehicle communication, or V2V. Cars will coordinate by talking to each other -- and interacting with the road too. A car equipped with V2V will sense traffic up ahead and automatically hit the brakes if you're about to get into a collision.

This network could help avoid 80% of the crashes involving sober drivers. That would save nearly 20,000 lives per year, according to National Highway Traffic Safety Administration figures.

But security experts warn that connecting a computer's wireless communications technology with its core controls could pave the way for cyberattacks on automobiles.

As computers, cars can be hacked. The only thing stopping a fatal cyber hijacking right now is that most cars aren't yet hooked up to the cellular network. That's already changing. The next generation fleet is made of wirelessly connected cars.

But even then, the wireless hub feeding your entertainment system doesn't have to connect to core controls, like steering. However, the federal government's V2V program will change that too.

Related story: Get ready for car software updates

"That's the gateway into the rest of the car. Once you're on board to that central computer, all bets are off," said Scott Morrison, who oversees automotive app engineering at CA Technologies (CA).

Consider these hacking attack scenarios:

  • Malware streams into your dashboard Web browser and an outsider takes full driving control.
  • A Wi-Fi-enabled traffic light tells your car it's red when it's not -- forcing you to stop. Another car hits you from behind.
  • Your car senses a nearby truck getting close. But it's never really there. Your car automatically swerves into another lane anyway.
  • And the doomsday scenario: A team of hackers breaks into the highway's grid system and tells every car to make a sharp right turn while traveling at 70 miles per hour.

Hackers control car's steering and brakes

"A lot of us in the security world are just waiting for the next major attack in infrastructure and auto," said Ed Adams, a researcher at Security Innovation, which helped write safety and privacy features into the computer language for the government's V2V pilot programs. "We're doing our best to make it as secure as possible, but it's just not a realistic goal to make a car's 100 million lines of code hackerproof."

Federal transportation regulators would not comment for this story. However, interviews with automakers, suppliers and security advisers show that all are collectively preparing for these kinds of dangers. That's why Ford (F) and Toyota (TM) have internal firewalls to guard against incoming software commands. Tesla (TSLA) awards hackers who spot software bugs in its system that hackers might one day exploit.

Related story: Why your car is a hackable computer

One anti-hacking tool auto manufacturers could use is redundant data points, says Tejas Desai, head of interior electronics for a regional division of Continental, a major auto parts supplier. Instead of relying solely on incoming car-to-car messages, a car could confirm that a crash is imminent by checking its on-board radar or video camera before slamming on the brakes or swerving.

And here's the good news: There's a general consensus -- in every corner of the auto industry -- that the V2V system will save more lives than it will actually harm.


Search for Jobs