Israeli ex-spies want to help you defend your car from cybercrooks
Who needs a lock pick when you've got an electronic key?
Security shortcomings in new cars could nurture a new branch of the infosec industry in much the same way that Windows' security failings gave rise to the antivirus industry 20 or so years ago, auto-security pioneers hope.
Former members of Unit 8200, the signals intelligence unit of the Israel Defense Forces, have banded together to create a start-up developing technology and services designed to protect connected cars from next generation hackers.
Argus Cyber Security has developed an intrusion prevention system "appliance" for cars instead of computers. The Israeli start-up is also offering consulting services to car makers, who it claims are waking up to the nascent threat.
Car thieves are already taking advantage of electronic car entry and ignition systems to steal cars. Recent reports suggest that insurers are refusing cover for keyless Range Rovers in London following the rise of targeted attacks on keyless cars.
But there's also a more subtle and less immediate hacker threat.
Connected cars lay the groundwork for the introduction of new features, such as navigation by points of interest, music and video streaming, and also remote control of the vehicle via products and services such as GM’s OnStar and BMW's ConnectedDrive.
All of this extra internet-connected technology increases the number of way malicious parties might be able to hack potentially vulnerable vehicles.
Once inside, an attacker can utilise the vehicle’s internal communication bus and take control of additional modules inside the vehicle, including safety-critical systems like the ABS and engine ECUs (electronic computing units, the embedded computing systems in cars), according to Argus.
US Defense Advanced Research Projects Agency (DARPA)-sponsored research by Chris Valasek and Charlie Miller showed that a hacker might be able to take control of the vehicle – affecting the steering wheel, accelerate the vehicle, activate the brakes, turn off the engine, and more.
Even if the network is segmented, the gateways can be compromised to pass on malicious messages. Valasek and Miller recently published research on the relative "hackability" of various models and makes of cars.
It might even be possible for an attacker to reflash modules, override hard coded safety measures and install trojan horses. "Pay me or your car won't start" ransomware scams against future car owners are another possibility, as are actual drive-by malware attacks from infected cars, according to Argus.