How Safe Will Cars Be From Computer Viruses?

The Four Wheel Drift from Apex Marketing Strategy

With all the computer-based technology in a modern car
how long will it be before hackers find an "in"?

Two nights ago my wife yelled for me from her home office. Unfortunately, a virus had infiltrated her notebook pc and had taken the whole system over. Like other pediatricians, she has been working long hours due to the nasty spread of H1N1. Ironically, standing in the way of her dictating the huge stack of patient charts was an entirely different type of destructive virus.

As some loyal readers know, long before I was an automotive writer I was a tech geek. I was first exposed to computer viruses in the late 1980s when my high school became the first in the world to get hit with a system-wide virus -- the dreaded nVIR, which took down the school’s fledgling Mac network. After college, I ran the business and technical operations of an early internet provider, Cyberspace.com, which in 1995 provided me the opportunity of working in cooperation with the FBI Computer Crimes Division in an attempt (make that “failed attempt”) to apprehend one of the world’s most wanted hackers and phreakers (one who hacks telecommunications networks and phone systems). I also later worked for web, system management and security software companies.

Ridding computers of malware (the name for malicious software viruses, worms, adware, etc…) is very similar to fixing problems with a car. One simply tries to methodically isolate the symptoms and problems. It is generally a tedious process, but with a great sense of accomplishment when the system is returned to good working order.

Just like with automotive technology, computer viruses have become far more advanced and complex. I marveled at this specific virus’ ability to lock out the Task Manager and Registry Editor functions, prevent .exe files from running, all while elegantly blocking any web site with any mention of the name of the top anti-virus software applications.

At roughly 1:30AM in the midst of running a scan my train of thought segued from tampering with computers to hacking cars. I chuckled as I remembered when my friends wired the brake light circuit of a guy’s Miata to the horn, so the horn blew every time he hit the brakes.

Then almost immediately I got a sinking feeling in my gut.

It occurred to me that the day when an elegantly-designed, yet very malicious virus targeted towards cars and trucks is far closer than anyone has seemingly acknowledged. Since I’m not a big fear monger, I’m only going to present a plausible future based on the reality of the present.

Hackers and virus designers utilize two elements to work their evil magic: a host (a vulnerable system) and access (the ability to remotely install software to said host system). As far as the former component, cars have been developing as host systems since ECUs of electronic ignition and fuel injection systems replaced points and carburetion in the 1980s.

When the 1997 C5 Corvette first appeared, it did so with more on board computers than the first NASA Space Shuttle. All of these computers working to manage the C5 were essentially closed systems with access available only via a mechanic’s scanners…and largely cars today are in a similar situation, at least for the most part. While scanners do have downloadable updates, the manufacturers ensure that these are also fundamentally closed systems.

The biggest gift to hackers in terms of access is the Internet. By web-enabling cars and trucks to upload and download data from the ‘Net, this can certainly provide the right mind with a key to create mass vehicular chaos.

Let’s face it -- the worst thing that can happen to your home computer is that all the data is erased and a full reformat and reload of software is required. All one needs to do is have a creepy imagination (like I do) to see the infinite opportunities for wreaking far greater damage on daily life that viruses could have in the automotive world as compared to personal and business computing. Think of it like Hootie and The Blowfish versus The Beatles in terms of global impact.

New vehicles feature drive-by-wire throttle control, computer-managed variable ratio steering, software-driven transmission, data-processing for stability control (yaw, ABS braking and traction control), and of course on-the-fly manipulation of fuel, spark and air induction. If these systems were to be insecurely tied (even indirectly) to a seemingly innocuous web-enabled process – any or all systems could be hacked and reprogrammed with a virus created by a guy sitting in his parent’s basement with a couple computers and a stack of empty pizza and Mountain Dew bottles.

Imagine if your car had a virus that sporadically reversed the drive-by-wire gas pedal to make wide-open-throttle at the standard idle position. Maybe someone’s idea of “funny” would be to constantly vary the variable ratio steering or deploy all the airbags given a certain odometer reading. My nightmare, though, is that a hacker would write a virus to utilize throttle position data and stability control to simply speed a car up, apply one brake and disable all airbags to ensure a catastrophic collision.

How much web-enabling is enough to open the Box in Pandora’s Camaro? I have no idea. Since manufacturers are already touting in ads the ability for cars to send emails to dealers and text to owners when service is necessary, the window of opportunity seems to be opening. If I were a betting man, I’d guess that the moment one can browse the web or check email via a factory-installed navigation system, the games will be on.

I hope I’m wrong. Maybe the worst thing that will happen is that the nav system in all Dodge Chargers will instantly show all Hooters restaurants and adult theaters in the US. Of course, given that car’s demographic, this would probably be considered a well-appreciated benefit.

As I recall in my discussions with the FBI Computer Crimes guru, the challenge is that there are lonely people spending twenty hours seven days per week trying to hack software, but in the best case scenarios, the engineers are only working eight to twelve hours Monday through Friday to prevent them. Maybe I’m a cynic, but I don’t trust that auto manufacturers right now are taking to heart the old precept: hope for the best, plan for the worst.

Back to Apex's Automotive Content Services