Heading Off Hackers

"The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes. Anything with a computer chip in it is vulnerable, history keeps showing us."
Rich Mogull, Securosis, Phoenix

"We could control steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge."
Chris Valasek, Pittsburgh computer security consulting company

If anything could go wrong in mechanical systems, it may do just that. Sometimes spontaneously, sometimes from fatigue of use, and sometimes as a result of skilled computer hackers entering a system and corrupting it to reflect their orders not the designed and inputted orders programmed to operate all the systems of a motor vehicle. What was once purely mechanical in design and function has been replaced with far more advanced computer-designed software in the control of mechanical functions.

Driving has become much more effortless, more pragmatically simplified for the driver and in some ways perhaps safer. But with less to be preoccupied with in the maintenance of one's driving skills attention can so easily become diverted because the driver is bored, and looks to other mind-absorbing things to round out his attention. Like, for example a cellphone; Bluetooth making even that more accessible

Our vehicles now resemble in function if not yet form, personal-computers-on-wheels. And since they're so profoundly computer-driven now, what makes them any less vulnerable than desk-top or laptop computers to the frustrating malicious intervention of hackers? The thing is, who might it even have occurred to, that what could be done with an ordinary computer could also be done with function-computerized vehicles?

There appears not yet to have been any reports of criminal hackers actually managing to manipulate the internal network of a car. But it has been done, and quite effectively, by computer security experts who have deliberately set out to test the access-vulnerability of vehicle-based computer networks. Their success didn't come easily. It took concentration and time, lots of it, for them to succeed, but succeed they did.

Demonstrating that high-tech hijackings could be just around the corner. Even, perhaps, demonstrations of road rage embarked upon by the skilled sociopath. And experts claim that these intrusions will become even easier as auto manufacturers give their products full Internet access, adding computer-controlled safety devices taking over more and more driving functions.

A technically skilled thief might discover how relatively easy it may be to unlock the doors of your vehicle and jauntily drive off with it. The last twenty-five years has seen automakers gradually embrace computerized functions like steering, braking, accelerating and shifting. There is greater performance reliability in electronic gas pedal position sensors than in the old throttle cables.

In the advances toward using less fuel in cars, electronic parts reduce the weight of the finished product as an additional bonus. Hackers have been able to convincingly demonstrate their capability of slamming a car's brakes at freeway speeds, pull the steering wheel one way or the other, shut down the engine ... from the vantage of their laptop computers. All cars and trucks possess from 20 to 70 computers.

In one instance a pair of hackers manipulated two vehicles by plugging a laptop into a port beneath the dashboard. The very place where mechanics connect their computers in an effort to electronically search out operating problems in vehicles. Yet another group of hackers took control of a car's computers through cellular telephone and Bluetooth connections, the compact disc player, even the tire-pressure monitoring system.

The idea behind all of this effort, taken up by security experts was to make vehicle manufacturers fully aware of just how potentially vulnerable their products are to malevolent intrusion. Ford Motor Co. defensively said it takes the issue seriously indeed. Toyota responded by assuring it has added security and tests regularly to ensure its products advance safety beyond the reach of hackers.

Its computers, they stated, are programmed to recognize rogue commands and to reject them. Reassuring, isn't it?