Editorial: Is your vehicle safe from computer hackers?

Computer hacking exploded when the Internet evolved, making it easy to access computers via networks; and, now that wireless connections have become commonplace, formerly “closed networks” where you had to gain a physical connection to gain access, have become “open networks”.

As more and more devices incorporate computerized technologies, risks that were never considered in the past have come to the forefront — one example, is the motor vehicle.

You might be the guy behind the wheel — but increasingly, computers are controlling the functioning of your car. Hidden microprocessors are being used to direct braking, acceleration, and even the horn.

One source who provides electronic designs and consulting for auto manufacturers and suppliers says that there are anywhere from 30 – 40 microprocessors in most cars; up to 100 running different functions in some vehicles.

Since most Historic City News readers are more techno-savvy than your average consumer, I probably don’t have to remind you that it’s been a long time since the car radio was the only communications device in your vehicle; or that today, communications have become two-way by default.

I drive a General Motors vehicle with On*Star. I can use my smartphone to lock and unlock my vehicle, start the engine, check the tire pressure, and even check how much further I can drive before I run out of gas. Neat — but, spooky.

My wife and I drive cars insured by a gecko — but Flo says Progressive can save me up to 30% on my premiums. All we have to do is plug “snapshot” devices into the service port on each vehicle for a month. Then, they’ll tell us exactly how much we can save — based on how we drive our cars. We are halfway through the “trial” and, so far, they don’t estimate that we qualify for any additional discounts.

The spooky part is that I can go to the Internet, on my computer or smartphone, and see how many miles each of us are driving, how many times we brake too hard, how many times we accelerate too quickly, and monitor several other factors that they say are relevant to their risk. Its all being updated, with no intervention; and, if I hadn’t been the one who plugged the device in, I wouldn’t know anyone was paying attention.

Do I have your attention yet? Could a hacker compromise these systems?

Consider this; recently, several news reports have raised the issue of car-hacking risks — including:

•Vehicle disablement. After a disgruntled former employee took over a Web-based vehicle-immobilization system at an Austin, Texas, car sales center, more than 100 drivers found their vehicles had been disabled or their horns were honking out of control.

•Tire pressure system hacking. Researchers from the University of South Carolina and Rutgers University were able to hack into tire pressure monitoring systems. Using readily available equipment and free software, the researchers triggered warning lights and remotely tracked a vehicle through its unique monitoring system.

•Disabling brakes. Researchers at the University of Washington and University of San Diego created a program that would hack into onboard computers to disable brakes and stop the engine. The researchers connected to onboard computers through ports for the cars’ diagnostic system.

Even though the risk is real enough, there doesn’t appear to be any financial reward for hackers to focus on automobiles. Of course, that isn’t going to stop the hardcore hacker; whose gratification comes from achieving the hack — not from the financial reward.

Security is largely in the hands of auto manufacturers, who industry insiders say are working to address concerns; but, until that happens, there are still some things you can do to protect your car from hacking.

•Ask about wireless systems. Familiarize yourself with the wireless systems if you’re purchasing a new car. For a car you already own, you can review your manual or check online. Find out if any of the systems can be operated remotely.

•Ask about remote shutdown. If you’re financing through the company from which you purchased the vehicle, ask about remote shutdown related to repossession. Make sure the seller has security measures in place that control access to the system.

•Go to reputable dealers and repair shops. It’s possible for unscrupulous garages to manipulate your car’s computer systems, making it appear you need repairs that aren’t actually warranted. Don’t cut corners when it comes to choosing a dealer or repair shop.

•Protect your information. Of course, locking your car is always wise. And if you use On*Star, make sure you don’t leave On*Star-related documents or your password in the car. Since On*Star can remotely shut off your engine if you report the vehicle stolen, there’s the potential for mischief if your password falls in the wrong hands.

•Be cautious about after-market devices. After-market car systems may not be as rigorously tested or designed, opening you to vulnerabilities.

I hope our readers will take precautions. I compare the use of computers in cars to the use of personal computers in our homes and businesses. Once you have established a connection to someone’s vehicle, you have an entry point from which to try to gain access. The only thing standing in the way today is a standardized piece of software.

It’s a concern we need to address.