The first is a paper by a University of Washington/UC San Diego collaboration which looked at what you could do if you had successfully hacked into the internal network of a car (its "CAN bus"). They worked experimentally with current commercially available cars, and showed that pretty much all the electronics of the car can be reached from anywhere else in the car, and that they could disable the engine, activate the brakes, disable the brakes, and do other highly unsafe things while the car was moving. They even found ways to disable the car that were not fixed by restarting the car or removing and replacing the battery.
It wasn't the focus of the paper, but they also mention some external avenues of attack to hack into the car remotely. One is that things like music players become attached to the car's internal network, and that potentially includes things like iPhones which are connected to cell networks and have well-known vulnerabilities of their own. Also, some cars have remote cellular connection to services like OnStar, which goes to a component on the car's internal network. And then they found no fewer than five wireless interfaces on the car, and,
"While outside the scope of this paper, we wish to be clear that vulnerabilities in such services are not purely theoretical. We have developed the ability to remotely compromise key ECUs in our car via externally-facing vulnerabilities, amplify the impact of these remote compromises using the results in this paper, and ultimately monitor and control our car remotely over the Internet."
The second paper looks specifically at wireless tire pressure sensors which are now being required on new cars. They show that the wireless interaction between the tire pressure sensors and the antenna on the back window of the car can be intercepted up to 10m away with a cheap antenna, and the protocol is not secure and can be intercepted and interfered with.
To my evil old alarmist brain, this raises some intriguing possibilities. Let us make the following assumptions:
- Suppose it's the case that a small number (let's say 0.1%-1%) of cars on the road at any one time have internet accessible vulnerable components attached to their internal networks (eg a smartphone or a remote service interface). It seems eminently likely that this is true.
- Let's further suppose that there exist vulnerabilities in the internal wireless interfaces of most cars, such that if you have compromised the network of one car, it's possible to compromise a second car if it's within some range - let's call it the attack range, and guess it to be around 10m.
Anyway, posit the second assumption as a hypothetical, because if that were true, I believe the implications would be pretty interesting.
In particular, I think it would open up the following cyberwar type attack to potentially seriously cripple entire cities.
The idea would be to launch a worm that would spread on the Internet (in any of a number of well explored ways) looking for vulnerable smart phones. Smart phones have GPS devices in them, so the worm, having infected the phone, could ensure it was only operating in some geographic area of interest (eg the US, or a particular city). The worm could then check if it was on a smart phone that happened to be plugged into a car, and if so compromise the car. It could then use whatever wireless opportunities were available to compromise any other cars within the attack range. It could also disable the car (eg by locking up the brakes, stopping the engine, etc).
The idea would be that the worm would seed itself into the small minority of cars that are Internet vulnerable and from there spread into the larger majority that are not.
If this worked correctly, the end result would be a city with all its major freeways and surface streets full of disabled cars, a situation that would paralyze almost all commerce. It would probably take weeks to straighten out the mess.
I think some basic principles here are these. In heavy traffic like this:
I think we could expect a car worm to spread easily from car to car as the cars are closer than the posited attack range. This would roughly correspond to the red areas in traffic maps like this one (from Google Maps):
In lighter traffic (eg the green zones above) we might expect the worm to fail to spread. In all infectious agent/chain reactions there is a concept of the epidemic threshold. If an average infected agent (car in this case) can infect more than 1.0 other agents then the epidemic will continue to grow and spread. In regions where the average infection potential falls below this, the epidemic would usually peter out and die. So in traffic like this:
you might expect the worm to initially fail to spread.
However, car traffic has the interesting property that it would probably self-assemble to infectious densities. If a few cars get infected and disabled, cars coming up from behind will slow down as they approach and carefully skirt round the infected/disabled cars. They in turn might then get infected, which will soon snowball into a complete blockage of the road. Then all cars approaching the blockage will slow down and form up in line immediately behind the car in front, with each car being infected and disabled as it approaches too close.
Thus even relatively lightly trafficked roads would soon be blocked by a series of clusters of disabled cars (with open road in between).
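The epidemic-threshold argument above can be made concrete with a small branching-process simulation. This is an added illustration, not part of the original post: the neighbour counts and vulnerable fractions are constructed values, and it shows how a lower vulnerable fraction pushes even dense traffic back below the threshold.

```python
import random

def reproduction_number(neighbours, p_vuln):
    """Mean new infections per infected car: cars in range x chance each is vulnerable."""
    return neighbours * p_vuln

def outbreak_size(neighbours, p_vuln, rng, cap=1000):
    """Total cars infected from one seed; returns cap if the outbreak runs away.

    Branching-process simplification (an assumption of this example): every
    infected car meets `neighbours` fresh cars, so the result is an upper bound.
    """
    active, total = 1, 1
    while active and total < cap:
        new = sum(rng.random() < p_vuln for _ in range(active * neighbours))
        total += new
        active = new
    return min(total, cap)

def summarize(neighbours, p_vuln, trials=2000, seed=1, cap=1000):
    """Return (R, fraction of outbreaks reaching cap, mean size of those that died out)."""
    rng = random.Random(seed)
    sizes = [outbreak_size(neighbours, p_vuln, rng, cap) for _ in range(trials)]
    died = [s for s in sizes if s < cap]
    runaway = 1 - len(died) / trials
    mean_died = sum(died) / len(died) if died else float("nan")
    return reproduction_number(neighbours, p_vuln), runaway, mean_died

def critical_vulnerable_fraction(neighbours):
    """Largest vulnerable fraction that keeps R at or below 1 for this density."""
    return 1.0 / neighbours

if __name__ == "__main__":
    # Constructed scenarios: (label, cars within range, fraction vulnerable)
    scenarios = [("light traffic", 2, 0.25),
                 ("heavy traffic", 4, 0.5),
                 ("heavy, mostly patched", 4, 0.2)]
    for label, n, p in scenarios:
        r, runaway, mean_died = summarize(n, p)
        print(f"{label:22s} R={r:.2f} runaway={runaway:.1%} "
              f"mean die-out size={mean_died:.1f}")
```

Below R = 1 the mean outbreak size stays near 1/(1 - R) however many times the seed is replanted; above it, most seeds run away.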
In addition to stressing that it's unclear whether the kinds of vulnerabilities required to do this exist, I also stress that this is no teenage prank - it would be a major project requiring tens or even hundreds of millions of dollars in engineering work to carry out. Vulnerabilities would have to be identified in all major make/models of cars, and code written to identify the type of components on neighboring cars, compromise them, disable each different kind of car, etc. If you figure that it takes a few engineering years of effort for each make/model (look at the author lists on the papers above), and you would probably need to target tens or hundreds of models, you can see that the effort is up in the tens to thousands of engineering years, and thus tens to hundreds of millions of dollars. So this is definitely only a nation state possibility.
It will be interesting to see as more research on automobile security comes out whether such car-to-car vulnerabilities exist or not in present day cars.