Vehicles on the road today are already joining our larger “Internet of things.” They sync up with our phones through Bluetooth; they register on GPS satellites for navigation; and their mechanical difficulties can be diagnosed at a distance with services like On Star. But future technology that allows cars to talk to each other directly promises to be much more disruptive still. And that technology has gotten a new push in the last week—at the same time that its potential security weaknesses have been highlighted.
The approach, called “connected-vehicle technology,” would make use of the car’s onboard computers to send information such as the car’s orientation, speed and location anonymously to all other vehicles in a certain range via WiFi-like signals—what the Department of Transportation calls a “Here I Am” message. The aim of this information is to give drivers warnings of oncoming vehicles in time to let them avoid collisions. Last week the National Transportation Safety Board, in an investigation of recent fatal bus accidents, recommended that federal agencies lay the groundwork for all highway vehicles to eventually be equipped with this technology.
A prototype of a vehicle-to-vehicle communication system is being trialled now in Michigan, according to NBC:
Last August, the NHTSA began conducting a yearlong study of 3,000 connected vehicles in Ann Arbor, Mich., using WiFi-like components that send electronic data messages back and forth and translate the data into a hazard warnings for the drivers. The test is focusing on safety at intersections, lane changes and rear-end accidents involving vehicles stopped at intersections.
Beyond informing drivers, connected cars could someday take appropriate avoidance actions themselves. Thus communications networks are an important step toward fully autonomous cars, such as those that Google is testing on roads across the country.
Cars more connected, more exposed
But, as is true elsewhere in our increasingly networked world, cars’ new communications grid will also make them more vulnerable. That vulnerability has been highlighted this week, with the announcement by two well-known hackers that they have successfully attacked critical automotive systems in the Toyota Prius and Ford Escape by way of the cars’ computers.
The hackers, Charlie Miller and Chris Valasek, are so-called white hats—hackers who try to uncover weaknesses before they can be exploited by criminals. In their testing the duo was able to yank the Prius’s steering wheel, control its acceleration, and cause the car to brake suddenly at 80 mph. On the Escape, they were able to disable the brakes when the SUV was driving slowly. They say they will demonstrate these attacks at the Def Con hacking convention in Las Vegas this week.
These attacks were carried out by a laptop physically wired into the car’s system—an unlikely scenario in the real world. But past research has shown that remote access is possible via existing car communications systems. In 2011 researchers successfully hacked into cars using Bluetooth and cellular phone networks. In their paper (pdf) they explain:
An adversary could use such means to compromise a vehicle’s systems and install code that takes action immediately (e.g., unlocking doors) or in response to some environmental trigger (e.g., the time of day, speed, or location as exported via the onboard GPS).
The scrutiny brought about by these latest hacks will, Miller and Valasek hope, pressure regulators and car companies to increase security in the coming age of the networked car. And someday soon, when we’re broadcasting all sorts of information about ourselves in
the mobile WiFi hotspots that are our cars, we’ll be glad they did.