SANTA CLARA, Calif., Sept. 7, 2011 – McAfee, in partnership with Wind River and ESCRYPT, today released a new report “Caution: Malware Ahead,” an analysis of emerging risks in automotive system security. The first-of-its kind report examines the security of electrical systems that have become commonplace in today’s cars. These embedded devices are used in almost all areas of automobiles including airbags, radios, power seats, anti-lock braking systems, electronic stability controls, autonomous cruise controls, communication systems and in-vehicle communication.
Researchers at several universities have demonstrated that critical safety components of an automobile can be hacked if physical access to the vehicle’s electronic components is available. Other researchers have showed that an attack can be mounted to track a vehicle and compromise passengers’ privacy by tracking the RFID tags using powerful long-distance readers at around 40 meters.
“As more and more functions get embedded in the digital technology of automobiles, the threat of attack and malicious manipulation increases,” said Stuart McClure, senior vice president and general manager, McAfee. “Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer. It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”
The automobile industry is continually adding features and technologies that deliver new conveniences such as Internet access and the ability to further personalize the driving experience. Consumers want to stay connected, even in their cars, which is motivating automobile manufacturers to increase integration between cars and consumer devices such as smartphones and tablets. However, in the rush to add features, security has often been an afterthought. The report highlights examples of how automotive systems have been compromised.
The new report from McAfee examines risks associated with cybercriminal activity including:
Remotely unlock and start car via cell phone
Disable car remotely
Track a driver’s location, activities and routines
Steal personal data from a Bluetooth system
Disrupt navigation systems
Disable emergency assistance
“The auto industry is experiencing a convergence of consumer and automotive electronics. Consumers are increasingly expecting the same experiences in-vehicle as they do with the latest connected consumer and mobile devices. However, as the trend for ubiquitous connectivity grows, so does the potential for security vulnerabilities,” said Georg Doll, senior director for automotive solutions at Wind River. “The report highlights very real security concerns, and many in the auto industry are already actively designing solutions to address them. Given the development time for automobiles, the industry is finding it essential to start work now by teaming up with those possessing the right mix of software expertise.”
For the full report, please visit www.mcafee.com/autoreport.