University researchers and security experts are warning that hackers could manipulate a car’s computer controls remotely through its Bluetooth, Wi-Fi, or OnStar-type connections. The potential outcomes have caused concerns among automakers and the federal government: Hackers could control the brakes of numerous cars simultaneously, corporate spies could eavesdrop on a motoring executive’s phone calls, or thieves could electronically locate, break into and start cars they’ve targeted to steal.
Last year, car hacking raised eyebrows when a former employee of a Texas used-car dealership accessed a dealership system intended to remotely deactivate cars whose buyers failed to make payments. He created mayhem by blaring the horns and shutting off the engines of more than 100 vehicles, according to a McAfee analysis of emerging risks in automotive system security.
Other vulnerabilities include the possibility of malware downloaded on the in-vehicle “infotainment” system through car-enabled application stores, Internet access, and even remote connected consumer devices, according to McAfee.
“I can definitely imagine organized crime or potentially even nation-states leveraging weaknesses in these functions to cause different kinds of havoc,” said Ryan Permeh, a principal security architect at Intel’s McAfee division.
In one unidentified city in the McAfee report, a security tester found that a hacker penetrated police-car camera recorders, and “he was easily able to upload, download, and delete files that stored months worth of video feeds.”
The National Highway Traffic Safety Administration says it’s “aware of the potential for ‘hackers’ and is working with automakers to better understand what steps can and are being taken to address the problem. The agency also said it’s asked the National Academy of Sciences to look into the matter.