The content of the article:
- Kaspersky expands the scope of activities
- The likelihood of hacking a "smart" car
- The Achilles' heel of the on-board computer
- Reasons for the vulnerability
- Danger of burglary
- How to protect yourself
Given the fact that all modern cars are equipped with a variety of electronics as much as possible, a logical question arises - can they be attacked by hackers?
American blockbusters often show how an attacker remotely hacks into the car system and deprives the driver of control over the control, forcing him to crash into a pole or fly into a cliff. Is such a situation possible in real life and does the car need antivirus?
Kaspersky expands the scope of activities
The popular Russian company Kaspersky Lab, together with its Austrian colleague AVL, have already begun work on a special module that should protect a “smart” car, whose systems are controlled by an on-board computer, from any unauthorized access. The development will be a kind of gateway that controls all the electronic systems of the machine, and at the same time it will become a repository of all received data.
The idea of creating a car antivirus arose after analyzing the volume of world sales of cars with access to the Internet. If in 2015 the number of such models was about 3 million units, then by 2020 there will be about 20 million of them, each unit of which will be in potential danger before a hacker attack.
The likelihood of hacking a "smart" car
An NSA programmer with a partner clearly demonstrated how easy it is to take over any car from an ordinary laptop with an Internet connection. They "took possession" of the on-board computer of the SUV, forcing it to brake, turn around, turn on the windshield wipers and an audio system, open and close the doors.
The pursuit of the most advanced technologies that increase the living comfort of a person in general and a driver in particular, has led, as it turned out, to a new problem - vulnerability to hackers. Moreover, if someone breaks into a personal computer, it will not harm life and health, but if a car - the consequences can be tragic.
The Achilles' heel of the on-board computer
The on-board computer available in each car is a kind of command post through which all systems are controlled: engine, transmission, lighting, multimedia installation and others. It accumulates information about the processes taking place in the general "organism", collecting them from numerous sensors, and then issues a solution that helps the driver. In order to perform its functions as competently and efficiently as possible, a computer needs access to external sources of information: satellite data, maps, a software update server.
Thus, a paradox turns out: powerful and comfortable cars with such a compact but complex system turn out to be very smart, reliable, high-quality, but defenseless. It is the need for two-way communication between an isolated car computer and a dangerous external environment that gives hackers such a lot of scope for action.
Reasons for the vulnerability
Despite the fact that the range of electronic devices used in cars is expanding, the very principle of an on-board computer has been unchanged for more than forty years. Back in the 70s, manufacturers considered it too expensive a pleasure to equip each sensor and button with wires, which would need to be pulled to the control unit with a whole web. So the CAN bus saw the light, in which all the modules were tied to a single bus, while independently being able to receive and transmit signals.
Any office hub has a similar principle, where the computer of a particular user receives only the package intended for him, ignoring all others.
The trouble with such a device is the lack of verification of the validity of each specific command and its sender. That is, anyone who has access to the CAN bus will be able to subjugate someone else's car.
Technically, you can get to the CAN bus using the OBD diagnostic connector, which in many cars is located under the dashboard. Moreover, it is possible to install the corresponding sensor-bug in a split second, while the driver is distracted
A group of criminals can provoke an accident or a collision with a passenger to force the owner to leave the cabin, opening up opportunities for the sensor to be introduced. In some models, hackers are connected to the wiring thanks to electrics in the rear lights or through parking sensors.
Some malware is downloaded via Bluetooth, map applications, and even via a flash drive with music or movies. And American hackers, using JeepCherokee as an example, showed how with the help of an LTE modem it is possible to get into the "brains" of an on-board computer. They stopped the SUV in the middle of the road, rolled it into a ditch, locked the doors and turned on the music at full power. The carmaker Chrysler was so impressed with the experiment that it recalled more than a million and a half of its cars in order to correct all systemic flaws if possible and close the "back doors" for burglars.
All owners of the purchased machines received a USB stick with software updates that provide more protection.
Danger of burglary
If a few years ago any car could be repaired with a key and a strong word, now even the most budget model is stuffed to the brim with electronics: power windows, tire pressure sensors, a multimedia system, an engine control unit. Having gained access to the on-board computer, attackers will be able to:
- Enter the salon without physically breaking locks or windows and pick up valuables;
- Steal a vehicle and disable the satellite tracking system so that law enforcement agencies cannot track it;
- For the purpose of banal hooliganism or with a completely criminal intent to get remote control of a car in order to scare the driver or harm him and the vehicle. Another option is to use a vehicle stolen in this way to carry out an attack or terrorist attack.
How to protect yourself from hacking
You should not just hope for the good faith of the manufacturer and programmers developing automotive electronics. Unfortunately, computer security is far from the first place among carmakers. Therefore, each driver needs to be independently reinsured in order to prevent hackers from accessing their car:
- Do not install unlicensed applications into the on-board computer, even if the car itself offers to download them. Truly high-quality automotive applications are quite expensive, and those offered by a computer can be free, which attracts the driver's attention. However, most often such programs come from dubious sources - especially for various types of navigational charts that can lead to a virus infection.
- If you have problems with electronics or if you need to update the software, add an application, and other tasks, do not entrust such work to employees of roadside garages or friends who are tech-savvy.Both of them, most likely, will install "pirated" software or do not activate some functions, which will eventually cause problems with the car and constant "glitches".
- After contacting a company salon, a professional tire service and even a car wash, it is recommended to check the OBD port for unauthorized access to the on-board computer. If you find a "bug" in it, they wanted to hack you, so it is better not to visit this place again.
Automakers are still quite skeptical about Kaspersky's plans, continuing to independently develop software for their models. They believe that only the company itself can determine the level of reliability of its key systems. Meanwhile, "Laboratory" lays special emphasis on the fact that the future antivirus will become unique, since it will be created from scratch by Russian programmers, and not reworked from someone else's codes.
Although the representative of the center for strategic innovation "Rostelecom" warns developers against creating a completely closed system. Even if it turns out to be ideally reliable, it must go global so as not to isolate modern Russian technologies.
So far, the fact is unambiguous that an excessive desire to follow fashion and equip cars with the most sophisticated electronics distracts manufacturers from safety. It is possible that after the development of the first car antivirus, it will be necessary to amend the legislation, adding a special chapter on external, remote intrusion of intruders into the functioning of transport.
