Several years ago there was a demo of hooking into the bluetooth infrastructure on cars using directional antennas from a highway overpass (the authors injected audio into the sound system, and could visually confirm success by observing driver's reaction :)
The thinking then is that the car manufacturers could not resist introducing integrated in-vehicle networks, which opens up a possibility of a horizontal access escalation from the sound/entertainment network to the car control network. The demonstration of CAN/OBD vulnerabilities should make people think in terms of integrated, interdependent systems that need multilayer security.
Loser99, I am sorry that you feel that way. When modern cars are equipped with so much electronics (and its content is increasing), invisible hacking inside the electronics system in a car is going to be a critical issue just as much as visible hacking via glass windows is.
These glass windows can easily be "hacked" with a brick, enabling hackers access to the car. I would suggest making the car like a tank and using video monitors instead of the windows. Maybe TI's employees can work on that instead of this pointless illustration of "car security threats"
I couldn't agree wtih you more, prabhakar. I find it, however, fascinating that expertise the chip industry has developed over time -- be it in mobile or in smartcars -- can be now applied to automotive.
Much of the initial work on automotive security started several years ago within the automotive industry, culminating to the development of SHE (secure hardware module) spec and a framework such as EVITA, as described in the article.
We are now beginning to see electronics based on such specs and that meet with the framework.
Cars equipped with such electronics are not here yet, but they will start showing up soon.
I think the initiation of thinking about the car security is started at the very right time.
This will be more required in the public vehicles as compared to the private vehicle, as there are more chances and possible availability of the vehicle for any alterations.
If all the control electronics is from one vendor then it will be much feasible to put security protocols in the hardwired electronics itself, but if we talk about generalized security solutions across all the different vendors then this might take some years time to get the things standardized.
But it really seems that the topic requires very many considerations.
In my opinion the car security has to be taken more seriously than the mobile phone security. In case of the breach of security in a mobile phone there could be an identity theft resulting in financial loss and may be the loss of private information. But in case of car it is a matter of somebody's life putting in danger if a critical system in the car is compromised.
I think remotely controlled cars are not the problem that I fear. I fear to buy me one day a car with a manipulated speedometer or that a hacker steals my car. I remember an article where thieves used the LIN bus interface of a car mirror to open the doors.