Having just gotten a new car (actually a two-year-old car new to us), a blog post by Bruce Schneier on automobile security caught our eye. We’ve heard it said that there are more electronic systems in today’s cars than there were on NASA’s moon rocket.
Schneier refers us to an academic paper, “Experimental Security Analysis of a Modern Automobile,” that advises how someone familiar with all those electronics could commit mayhem with a car.
“Modern automobiles,” the paper’s authors begin, “are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks…
“We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input – including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
Think of that next time you put your key in the ignition.