MADISON, Wis. -- You might have seen that frightening episode of the CBS series, Person of Interest, in which a fictional social media company's billionaire founder loses control of his car.
From the street, the driver appears to be either a total nutcase (well, in this case, he is) or heavily intoxicated. His car weaves through traffic left and right, crossing lanes willy-nilly and clipping other cars.
But inside the car, the driver is helpless. Any control he tries, especially the brakes, is overridden, apparently by the car itself. Unbeknownst to the driver, of course, the car is under remote control.
Inevitably, the car blows up (creating an exciting visual). However, the software genius escapes in the nick of time.
This, of course, is TV drama. It's fiction. A remotely compromised car is a scenario that makes a good thriller and scares the bejesus out of viewers. But possible in real life? No way.
Well, wait a minute.
In March 2011, a team of scholars at the University of Washington joined colleagues from the University of California-San Diego on a technical paper entitled "Comprehensive Experimental Analyses of Automotive Attack Surfaces." They prepared it for the National Academy of Sciences (NAS) committee on electronic vehicle controls and unintended acceleration.
Dirk Besenbruch, engineer, group leader of Systems & Applications, Automotive, at NXP Semiconductors, recalls the paper as a wake-up call. "It triggered our work at NXP" on automotive security, he said in a recent phone conversation with EE Times.
The academics' point was to debunk automotive industry skepticism about the hackability of on-board electronics. The industry's conventional wisdom was that "to implement an attack, the attacker would need to physically connect attack hardware to the car's internal computer network."
That got the university researchers going. They ran "a systematic and empirical analysis of the remote attack surface of [a] late model mass-production sedan," according to the authors.
The researchers were aware, as they conducted their study, that no serious automotive security breach -- like the one on the TV show -- has ever compromised the safety of cars and drivers in the real world. The paper's authors pointed out, "Traditionally automobiles have not been network-connected and thus manufacturers have not had to anticipate the actions of an external adversary."
In the paper, however, they cautioned: "Our automotive systems now have broad connectivity; millions of cars on the road today can be directly addressed via cellular phones and via Internet."
[Figure: Where vulnerabilities exist. Source: Technical paper -- "Comprehensive Experimental Analyses of Automotive Attack Surfaces"]
CAN bus is the crux of the issue?
While noting that the CAN bus is a "good, fault tolerant network" inside a car, NXP's Besenbruch acknowledged that there are a number of ways hackers can worm their way into the internal network and get to the Electronic Control Unit (ECU).
The flexibility of the CAN bus has created a safe and cost-effective network enabling vendors to attach a number of computer control systems (ranging from window controllers and locks to critical safety elements such as the brakes and engine). But that flexibility also creates the opportunity for new attacks -- including one in which a car's internal network can circumvent all computer control systems including mission-critical functions. Besenbruch acknowledged that it's entirely feasible for someone to remotely turn the car-audio volume ALL THE WAY UP, for example, or worse, stop or start the engine at will.