Automobile security is a new fast developing market with all the mobility and infotainment. It is very refreshing that TI and co are not leaving that for firms like Bosch, TRW, and Conti to dominante as has been the case in many automotive areas. Now, they are moving fast.
I agree, goafrit. Even more interesting to me is that a lot of security issues chip companies have learned by working with other industries --computers, smartcards, mobiles -- are now becoming very relelvant and applicable to the automotive market.
Perhaps it's just me. I tend to get exasperated when this topic keeps piling on the various security holes as if they were all critical. Hacking via a physical connection to the OBD-II port, or hacking into the infotainment system to change the station, or hacking into the telematics system to see how fast you're going, are no more of a threat than someone listening in on your cell phone conversation. That can happen too, yet we're not making a huge deal about it.
On this topic, it is just this sort of sensationalism that turns me off. I wouldn't be surprised if others feel the same way.
On the other hand, the real threats are to the critical systems, as I've suggested in the past, i.e. brakes, steering, and lastly throttle, and in particular with a remote wireless link. Not physical connection to OBD-II, even though these articles keep insisting that should count too. As many have said, an inside the car physical sabotage can take such a gymongous variety of types that it strains credulity to give an electronic attack any emphasis. It just sounds like a desire to sensationlize. So let's focus.
It seems that at least one car model allows disabling of the brakes via a remote wireless link. To me, that's inexcusable. The steering vulnerability that was uncovered, on the other hand, appears to be manually overridable. That's good design, and why not mention that explicitly?
I'm not denying the importance of introducing more security protocols into automobile electronics as these become more interconnected and pervasive. Just asking to increase the signal to noise ratio, as it were.
Bert, it's unfortunate you see the story going after "sensationalism." As I talk to different automotive technology suppliers, though, this is high on their mind. I see my job is to "report" what their next steps are.
One TI official pointed out (see in the page 2 of this article), though, that someone remotely fiddling with your car audio shouldn't be entirely taken lightly. It could cause a havoc, confusion and chaos.
There is currently a market for reprogramming performance aspects of engine controllers such as emission controls. This is mostly done in professional race circuits, but it is also an aspect of high-end street racing. It looks like this may eventually become a victim of increased emphasis on security as automotive networks get locked down. This is similar to Linux's problems with UEFI BIOS on PCs, where security concerns removes some degree of what a user can do with something that they own.
Will this extend to other third-party add-ons as well? Will a third-party stereo be able to get access to light levels or other information that a user might want it to? Will that be a big concern for car companies that have never liked third-party add-ons anyway?
TI should find something more productive for its employees to do.
Who cares if you can physically wire some modification to control the car? Its all a bunch of overhyped sensationalism. I can also 'hack' into it by dropping a brick on the pedal and make it magically accelerate. I can also keep it from starting by disconnecting or "Hacking" the battery cable!
Show me how to control an off-the-shelf car remotely without making any physical modifications then I will be impressed.
I think remotely controlled cars are not the problem that I fear. I fear to buy me one day a car with a manipulated speedometer or that a hacker steals my car. I remember an article where thieves used the LIN bus interface of a car mirror to open the doors.
Several years ago there was a demo of hooking into the bluetooth infrastructure on cars using directional antennas from a highway overpass (the authors injected audio into the sound system, and could visually confirm success by observing driver's reaction :)
The thinking then is that the car manufacturers could not resist introducing integrated in-vehicle networks, which opens up a possibility of a horizontal access escalation from the sound/entertainment network to the car control network. The demonstration of CAN/OBD vulnerabilities should make people think in terms of integrated, interdependent systems that need multilayer security.
In my opinion the car security has to be taken more seriously than the mobile phone security. In case of the breach of security in a mobile phone there could be an identity theft resulting in financial loss and may be the loss of private information. But in case of car it is a matter of somebody's life putting in danger if a critical system in the car is compromised.
I couldn't agree wtih you more, prabhakar. I find it, however, fascinating that expertise the chip industry has developed over time -- be it in mobile or in smartcars -- can be now applied to automotive.
I think the initiation of thinking about the car security is started at the very right time.
This will be more required in the public vehicles as compared to the private vehicle, as there are more chances and possible availability of the vehicle for any alterations.
If all the control electronics is from one vendor then it will be much feasible to put security protocols in the hardwired electronics itself, but if we talk about generalized security solutions across all the different vendors then this might take some years time to get the things standardized.
But it really seems that the topic requires very many considerations.
Much of the initial work on automotive security started several years ago within the automotive industry, culminating to the development of SHE (secure hardware module) spec and a framework such as EVITA, as described in the article.
We are now beginning to see electronics based on such specs and that meet with the framework.
Cars equipped with such electronics are not here yet, but they will start showing up soon.
Yes, It was a very good source of information, SHE (Secure Hardware Extension) and EVITA, are the emerging standards for Automotive Electronic Security, and it was a very surprising to me that virtually all the electronics giants are working on it name it a few like Mentor Graphics, Toshiba, Freescale, Renesas and the list continues.
You are right SHE enabled automotive electronics will be soon getting seen in the general automobiles.
These glass windows can easily be "hacked" with a brick, enabling hackers access to the car. I would suggest making the car like a tank and using video monitors instead of the windows. Maybe TI's employees can work on that instead of this pointless illustration of "car security threats"
Loser99, I am sorry that you feel that way. When modern cars are equipped with so much electronics (and its content is increasing), invisible hacking inside the electronics system in a car is going to be a critical issue just as much as visible hacking via glass windows is.
Very interesting thread...which brings in my mind a key point whether cyber or physical threats are more important...when we discuss car hacking possibility it sounds worrysome...until we realize that 40,000 people annualy die in car crashes already...so even with the best technology you can get hit from behind by a teenager texting (nothing against teenagers, just an example)
May be you are right, but Cars are not being controlled by GPS. And Securing the car from all known threats it responsibility of the manufacturer, so this thread of security enhancement will any way continue.
@dvk0, well, certinaly this is a cool video. What it shows, though, is not necessarily an answer to the question whether a car or a ship can be hacked; it is about where the weak link resides within any system that an attacker can go after. In this particular case, it is clearly the GPS. In the case of cars, it wasn't GPS, but there are a number of other attack surfaces that researchers exposed.