McAfee has hired the infamous Barnaby Jack to hack into cars, reports PC Pro UK.OK, things are fixin' to get really interesting, really fast. My suspicion is that the design teams are about to go from zero to damn how do we fix that in 5.3 seconds. Never mind their lame denials:
Jack is a researcher who shocked the world when he demonstrated ways that crooks can force ATMs to give them cash. He also showed off a trick that causes medical pumps to spit out lethal doses of insulin.
Yet, Ford spokesman Alan Hall said his company had tasked its security engineers with making its Sync in-vehicle communications and entertainment system as resistant as possible to attack. "Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset," he said.Translation: now that it's getting all real and in our faces, the next version will suck at least 50% less. Fortunately for Ford, their competitors are all in the same leaky boat:
Toyota said it was not aware of any hacking incidents on its cars and said it had built-in protections. "They're basically designed to change coding constantly. I won't say it's impossible to hack, but it's pretty close," said Toyota spokesman John Hanson.And I won't say that Toyota spokesman John Hanson is an idiotic PR flack who spells "security" as S-E-K-U-R-I-T-Y, but his statement is nothing but Bravo Sierra.
Car makers are rushing to make it easy to plug portable computers and phones to vehicles and connect them to the internet, but in many cases they are also exposing critical systems that run their vehicles to potential attackers because those networks are all linked within the car.I would bet big money that every word of this is Gospel Truth. Demonstration attacks have been created that use the CD player, and that come into the car via MP3. It's almost a certainty that WiFi, bluetooth, or (shudder) Internet (hello, 3G!) could be the vectors. A moment thinking like an attacker can give you scenarios galore. How's this: An SMS to a targeted user causes a map to get downloaded from the Internet. The map contains malware that causes one tire to deflate, the throttle to firewall, and the brakes fail, but only when the car reaches 70 MPH. It also wipes any logs so that the accident is hard to reconstruct.
"The manufacturers, like those of any other hardware products, are implementing features and technology just because they can and don't fully understand the potential risks of doing so," said Joe Grand, an electrical engineer and independent hardware security expert.
Grand estimates that the average auto maker is about 20 years behind software companies in understanding how to prevent cyber attacks.
All of my gentle readers can add their own scenarios, no doubt. And so the term "Detroit Coffin" seems to be coming literally true. Drive like lightening to add the Internet and computer control. Mission accomplished!