A Future Car May Be Protected From Hacking By Software Developed In San Antonio

Jan 26, 2017

Someone looking to hack into your car probably isn't trying to steal from your bank account...but the results could be far more damaging.

[Sound of grinding] "OK, hold on tight...hold on." [sound of impact] "Oh, Bleep!"

That's WIRED magazine's Andy Greenberg being gently driven into a ditch by a couple of hackers. These guys could cut his breaks, turn off his transmission turn on or off just about every function while they sat in a living room, all by hacking into the computer for the car's entertainment system --a system called Uconnect--and installing a software update.

Chrysler issued a recall on all 1.4 million vehicles affected by the above hack and issued a software patch. Car manufacturers are starting to take this seriously. Here's GM CEO Mary Barra at a tech summit last year:

 "Cyber security is one of the most serious challenges we face and we need to make it an industry priority," she said.

 

  

Modern cars have between 50 and 100 electronic control units or computers that run everything from your dome light to your automatic transmission, and as cars become more complex they need to be updated. 

"If you can exploit an update system, it is like the golden entryway," says NYU Professor of Engineering Justin Cappos. Many of the computers are networked together, but made by different vendors. Without many cyber security standards, he says it is getting easier and easier to hack car computers.  

Right now, it's researchers who are doing it, "But it would not surprise me if we saw people with more criminal intent or nation-state actors start to launch these kinds of attacks in the near future," says Cappos.

It would not surprise me if we saw people with more criminal intent or nation-state actors start to launch these kinds of attacks in the near future

He says if you can hack into one car computer, you can probably hack into a fleet of the same car. He and his collaborators have released what may be the beginnings of protection for those vulnerable computer update systems.

Uptane is the name of the software just released and according to collaborator Cameron Mott from the Southwest Research Institute the car crash WIRED magazine demonstrated would never have happened with Uptane.

"That update would have been detected and refused by the ECU. It would have been able to perform its own protection against that particular attack."

That's the hope anyway. Mott, Cappos and their research teams, which includes NYU's Tandon School of Engineering, the University of Michigan and SwRI, are asking white hat --or ethical -- hackers to tear their anti-hacking protection apart and find vulnerabilities.

"Already there's been some investigations into the code that has resulted in someone suggesting an improvement that could be made that was accepted."

This isn't a silver bullet, they say, it is a beginning. And this is the ideal time. Car hacking is in its infancy.  As cars become more complex with "driver assist," driver-less technologies and increased internet connectivity -- remote software updates will proliferate.

"This is that perfect spot for being able to incorporate these kinds of elements into the design process and make sure things are being future-proofed for efforts coming up soon."

The Uptane software isn't ready to be put in cars yet, but when it is researchers hope auto makers and parts manufacturers take advantage of it. The framework is free and open-source.