Trinity, professional hacker [from The Matrix]
MacAfee has issued a report called "Caution: Malware Ahead", which argues that many software systems used in today's cars are vulnerable to attack. The report offers a handful of potential scenarios in which hackers could unlock doors and generate false alarm signals using high-tech equipment.
The problem is that these hacks work only "if physical access to the vehicle’s electronic components inside the passenger cabin is available". Translation: for your vehicle to be affected, a hacker would need access to the inside of your car. As worries go, that puts hacking on par with snipping brake lines.
This is the same point that was brought up in last year's study of auto hacking by researchers at the University of Washington and the University of California, San Diego. As that report indicated, the primary means of hacking a modern automobile is through the on-board diagnostics port, which is, of course, located inside a vehicle.
So, can car computers be hacked?
Yes, it's possible that baddies could futz with your car's on-board computer, but you're unlikely to see that happen. Why? Simple economics: the payoff for hackers isn't yet big enough.
For starters, our cars aren't fully networked. The reason that email viruses work so beautifully is because they propagate quickly through networks, jumping from one computer to another, one server to another. But cars aren't yet wired like that, so remote hacking isn't viable. To fiddle with our cars nowadays, hackers need direct access to them, which is messy, dangerous, and time-consuming. When vehicle-to-vehicle technology becomes more commonplace -- as it undoubtedly will -- the potential become much more real.
Second, although automakers are toying with a number of protocols for existing in-car software, they've reached no consensus yet, meaning that automotive software works on different operating systems. So even if hackers were to write a virus for vehicles, it probably wouldn't work on computers from different manufacturers, or even different model lines. That makes the payoff of hacking pretty minimal. This is why, in the computer world, so few baddies write viruses for Macs; they'd rather build viruses for PCs, which are far more common -- especially among corporations with delicious bank accounts.
Despite all our naysaying, we understand why MacAfee would publish such a report. Even though it's pretty vague, "Caution: Malware Ahead" will no doubt generate interest in antivirus software for automobiles -- and potentially, interest in MacAfee products.
We also understand why some media outlets would take MacAfee's report at face value. After all, in a 24-hour news cycle, you have to write about something.
But in all, "Caution: Malware Ahead" seems alarmist at best. We're not saying that computer malfunctions aren't a danger: just this week, we saw that software gone awry can cause vehicles to do very unpleasant things. And certainly, if you've raised the hackles of a very dedicated hacker, she could take a swipe at your on-board computer (if she has the keys to your car). But for the average driver, there are much more important things to worry about -- for now, anyway.