The History Of Mauritius Automobiles System

Published Date: 02 Nov 2017

Abstract

Nowadays, more and more cars and vehicle in general are being computerised with latest technologies to enhance the features of the vehicle for the security of the vehicle’s owner. The owner feels safer when he or she knows that the vehicle is equipped with gadgets that discourage thieves and self protection when an accident occurs. In automotive electronics, Electronic Control Unit (ECU) is a generic term for any embedded system that controls one or more of the electrical system or subsystems in a motor vehicle.

Modern automobiles are no longer mere mechanical devices. They are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks.

In this research paper, we will evaluate different security issues both in Mauritius and in foreign countries of the either inbuilt or add-ons of these gadgets and its vulnerabilities. These issues will be dealt on a modern automobile and will demonstrate the fragility of the underlying system structure. It will demonstrate how an attacker can infiltrate virtually on any Electronic Control Unit (ECU) and can leverage this ability to completely circumvent a broad array of safety-critical systems and through vulnerabilities in operating system of the device.

INTRODUCTION

Nowadays, there has been a great change in our traditional automobiles system. Today’s automobile is no mere mechanical device, but contains a myriad of computers. These computers coordinate and monitor sensors, components, the driver, and the passengers.

Vehicle Security Alarms importer from Mauritius is looking for wholesale Vehicle Security Alarms exporters from around the world. Build-in security features in high calibre cars like Mercedes and BMW are not fully activated. Some vehicles are not even built in with securities at all. Most of our vehicles in Mauritius either new or second-hand are equipped with "Air Bags", "Central Locking System", "Car Alarm Systems" and "ABS for brakes" but non with security like GPS tracking similar to Automatic Vehicle Locator, Vehicle Black Box Car Camera, used especially for Insurance purposes, License Plate Recognition (LPR) among others.

Mauritius Automobiles System

Proguard Ltd is a company based in Mauritius which provides a Complete Security Solutions. Its core activity was the installation of electronic system related to the security industry.   Proguard Limited was formally established in 1997. Its core activity was the installation of electronic system related to the security industry. The electronic systems installed were intruder alarms, fire alarms, access control systems and CCTV system.

Proguard Limited has always used high quality equipment which it imports from countries such as the United Kingdom, Republic of South Africa, South Korea and Taiwan. Proguard Limited expanded its client base very rapidly and by 2003 it decided to create its own intruder alarm monitoring base.

The main areas of operation are:

Anti-intrusion Alarm Systems

Burglar alarms

Range of Surveillance Cameras & CCTV Systems

Access Control

Fire Alarm Systems

Car Alarm Systems

Automatic Gate

Consultancy on Security matters

The alarm systems are backed up by a 24-hour monitoring and intervention with daily patrols.

Very few companies offer the same services and those who do, specialise in Car Alarm Systems and GPS as gadgets.

Security and Privacy Risks

According to a survey that was conducted in 2010, we have noted that due to lack of security measures, many vehicles were theft in Mauritius, including theft of parts and accessories related to damage and attempted thefts. It clearly shows that there is vulnerability in our automobiles. The table 1 shows that some cases against robbery were reported to Police force. It clearly identifies that 5% of car/van was either stolen or damaged during infringement. However nothing as per the table was mentioned the type and model of cars that were stolen or damaged.

Percentage

 

 

 

Type of vehicle

% Stolen/damaged

% Parked at home during incident

% Reported at the police

Bicycle

8

57

42

Motorcycle

3

26

46

Car/van

5

27

36

Total

 

8

43

41

Table 1. Vehicle theft and theft of parts and accessories including damage and attempted theft, Republic of Mauritius, 2010

In Mauritius, we are all now aware of the vehicle theft and people are more concerned about its security and proper measures are taken to avoid any risks. A survey of type of security was conducted in Mauritius in 2004 and table 2 shows the results of how people are concerned about the automobiles. But the survey clearly shows that not many people are encouraged to install new automobiles technologies that we have in foreign countries due to its non-availability or to its high cost.

Security Measures

Percentage

Vehicle locked in garage at night

58.2

Vehicle locked when left outside

72.5

Alarm system installed

8.0

Avoid parking in certain places

42.8

Other security measures

7.5

Table 2. Type of security measures taken for vehicles, Republic of Mauritius, 2004

Due to lack of technology, our automobile systems are not properly protected. Even if we try to buy a high calibre car like Mercedes, Audi or BMW, some security in-build features are not activated and therefore our automobiles are exposed to theft. Many stolen automobiles were not timely tracked when vehicle were stolen. Police are finding it difficult to capture criminals who get away with stealing cars. Some cars that were stolen were not recovered as thieves have well planned their action.

According to a survey conducted in 2007 in Mauritius, we have noted from Table 3 that automobiles that were related to theft or attempted to theft and its place of incidence.

Place of incident

Percentage

Within own premises

44.2

On Roadside

30.6

Public parking

15.8

Private parking

3.4

Other (e.g. unoccupied land)

6.0

Total

100

Table 3. Place of incidents of vehicle related theft or attempted theft, Republic of Mauritius, 2007

Advantages of Security Technologies

Nowadays, our automobiles are like computers, embedded with all sorts of computer chips so that it is possible for us to have access of to its data (global positioning) when we need it or it transmits data to authorities who have installed it, for example, tracking in real time and traced through cooperation with Security Agencies and the Police.

Some of the devices which are available in Mauritius but some with its limitations though it is in-built but not activated and to foreign countries are as follows:

Car Alarm Systems

Most car alarm systems feature sensors that cause a loud, audible siren to sound when the car is breached while the system is armed. This hopefully calls attention to the thief and discourages him from proceeding with his crime. However it depends upon the model available for the siren. In Mauritius, two types of car alarm systems are available at reasonable price for old cars which did not have this feature. But for new cars and reconditioned cars from Japan, Corea, Singapore, and Germany, these gadgets are already inbuilt in the system.

Car alarm systems can be divided into two main categories--passive and active--based on their activation method based on their activation method as follows:

Passive Car Alarm System

A passive car alarm system is activated once the engine is off and the car is parked. The alarm system is automatically turn on and arms the locking system. These systems generally come equipped with a key that contains a microchip. The key disarms your alarm when you unlock the vehicle. Newer-model vehicles often contain a passive car alarm system when you purchase the car. Some alarm systems offer security features other than just an alarm, such as disabling the ignition or locking the wheels when someone breaks into the vehicle.

Active Car Alarm Systems

An active car alarm system requires manual activation and deactivation of the alarm system by pressing a transmitter button. If you forget to arm the system, the alarm will not go off when a thief breaks into the car. The alarm can only be disarmed by the transmitter (remote control). In Mauritius, most companies offer this type of device to protect the automobiles from theft.

GPS (Global Positioning System) car tracking system

A GPS car tracking unit is a device that uses the Global Positioning System to determine the precise location of a vehicle and to record the position at regular intervals. A car can be tracked on a computer map at a central monitoring station. These systems use the GPS satellite network to track the car on a computer screen. The recorded location data can be stored within the tracking unit, or it may be transmitted to a central location data base, or internet-connected computer, using a cellular (GPRS or SMS), radio, or satellite modem embedded in the unit. Data can be analysed if required by using a GPS tracking software.

Vehicle Black Box Car Camera

The vehicle black box car camera is mostly used in European and in the United States. It is a device that often used a proof against a car accident. It is a camera which is attached to the windshield with included hardware. Insurance companies are encouraging people to buy this gadget and are also giving rebate in the premium. The Vehicle Black Box Car Camera is also encouraged in different authorities as per following table:

Personal Users

Commercial Users

Law Enforcement Users

Government Users

Protect private vehicles

Monitor young drivers

Capture insurance fraud

Record family road trips

Monitor company drivers

Record vehicle abuse

Capture insurance fraud

Document driving conditions

Record suspect actions

Document driving conditions

Officer Training

Support officer actions

Document driving habits

Record travel paths

Agent training

Record emergencies

Vehicle Black Box Car Camera has the following features:

Features

Record video of driving conditions and interior simultaneously

Records video with audio and GPS tracking simultaneously

Capture video for legal or insurance purposes

IR LEDs for night time recording (inside vehicle)

Camera easily mounts in almost any vehicle

 

Vehicle Black Box Car Camera .jpg

Screenshot of the Vehicle Black Box Car Camera

Level AutoLocator

Level AutoLocator is another model of security system that is available in overseas. It is a reliable and effective system for monitoring, tracing and the security of vehicles. It works on the principle of satellite positioning accuracy.  It ensures the immediate identification of the exact position worldwide. The vehicle is tracked in real time and can be traced through cooperation with Security Agencies and the Police force. 

The device is hidden in such a way that the offender does not know where the unit could be in the car. It therefore allows the chance of recovery the car by the Police force if the car is stolen.

Speed and Accuracy

When a vehicle is stolen, time is very important. The faster the intervention, the greater the chances are of recovering an undamaged vehicle. AutoLocator, unlike other security, will immediately notify the owner or a security agency of any unauthorized use of the vehicle. The Agency in turn activates the unit and in collaboration with the police, the vehicle is safeguarded.

In the event of tampering with the vehicle, the AutoLocator system will immediately inform the owner by sms on his/her mobile phone or alert a security agency. This Allows reliable tracking and stopping of vehicles at a distance.

Benefits of this vehicle security:

Timely tracking of the vehicle when stolen

Effective security of a hidden unit

Alarm for unauthorized use of the vehicle

Automatic locking when leaving the vehicle

The possibility of using a vehicle security agency

Saving on insurance of up to 20% 

Remote shutdown of the vehicle

Tilt sensor - preventing wheel theft

Interior sensor - prevents unauthorized entry into the vehicle.

 Automated Vehicle Location (AVL)

Automatic Vehicle Location – Screen Shot

License Plate Readers

A license plate reader is the latest technologies that have been put in place in the USA to help local officers’ combat crime.

Arroyo Grande Police are not making it easy for criminals to get away with stealing cars.

In-build with their new license plate readers, now installed in five of their ten patrol cars, these patrol cars can track car hackers or stolen cars.

The (LPR) system uses cameras on the inside and outside of patrol cars to quickly scan license plates.

It can read plates on moving or parked cars. Instead of calling the plate into dispatch, a computer system notifies officers when the vehicles plate comes back wanted or stolen.

Most stolen vehicles can now be located and recovered.

The system includes three cameras, one for video, and two others to capture a still image of a license plate.

However the total cost of the system is $270-thousand dollars.

License Plate Recognition (LPR)

License Plate Recognition (LPR)

When a BOLO (Be-On-the-Look-Out) is issued, all LPR equipped vehicles can be updated on the fly.

Key Benefits for Law Enforcement

AFFORDABLE: Ability to outfit an entire fleet for a fraction of the cost of the competition

Increased recovery of unpaid fines

Increased number of stolen vehicle recoveries

Increased number of arrests

Increased officer safety

Disadvantages of some automobiles security models

Today, there is more vulnerability in automobile than they appear with the introduction of digital technology into automobiles.

The threat of malicious software and hardware are manipulated and reports have shown many hackers are potential threats to these enhanced technologies.

Our Modern vehicle engines are embedded with latest technologies in their engines and look different with old engines. Years have evolved and new automobiles contain a complex network of as many as 50 to 70 independent computers, electronic control units (ECUs) with up to 100MB of binary code.

With the increasing computerization of vehicles of all types, observers have longer-term concerns over the vulnerabilities of trucks, delivery vans, rental cars and consumer autos. A malicious hacker could, in theory, disable the vehicles, re-route GPS signals or otherwise put employees, customers and the company as a whole in danger.

Modern automobiles are controlled by a heterogeneous combination of digital components. These components, Electronic Control Units (ECUs), oversee a broad range of functionality, including the drive-train, brakes, lighting, and entertainment.

The vulnerability of high-tech cars

Future Is Scary

Auto Security Researchers Try to Protect Vehicles from Computer Viruses

McAfee executive says the future is scary.

Vehicles are becoming more and more reliant on computers for efficiency, safety systems, and infotainment systems. Most vehicles on the market today use throttle-by-wire systems, where the onboard computer controls the throttle of the vehicle. Toyota has had problems in the past with so-called unintended acceleration, with many pointing fingers at the electronic systems in the car.

 

High-profile cases such as this have illustrated the point that computer systems inside modern automobiles can significantly affect the safety of passengers and others on the roads around the country. A team of researchers working for Intel security firm McAfee is attempting to search vehicles for electronic bugs that can make them susceptible to computer viruses.

 

According to some security experts, automakers have failed to protect electronic and computer systems in vehicles from attacks by hackers looking to steal vehicles, eavesdrop on communications inside the vehicle, and potentially harm passengers by causing the vehicles to crash.

 

"You can definitely kill people," said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit. The US cyber Consequences Unit is a nonprofit organization with the goal of helping companies to analyze their potential for targeted computer attacks on products and networks. So far, there have been no violent attacks on automobile computer systems reported.

 

Despite there being no confirmed by violent attacks against automotive computer systems reported, Ford has security engineers at work to secure its Sync communications entertainment system from attack. Ford spokesman Alan Hall said, "Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset."

 

"Any cyber security breach carries certain risk," said Jack Pokrzywa, SAE's manager of ground vehicle standards. "SAE Vehicle Electrical System Security Committee is working hard to develop specifications which will reduce that risk in the vehicle area."

 

Toyota maintains that it isn't aware of any hacking instances conducted against its automobiles. The Department of Homeland Security declined to comment on the risk of vehicular hacking or whether it is aware of any vehicular hacking incidents reports Reuters.

 

McAfee executive Bruce Snell, who oversees the company's car security research, stated, "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening. I don't think people need to panic now. But the future is really scary."

(Reuters) - A team of top hackers working for Intel Corp's security division toil away in a West Coast garage searching for electronic bugs that could make automobiles vulnerable to lethal computer viruses.

Intel's McAfee unit, which is best known for software that fights PC viruses, is one of a handful of firms that are looking to protect the dozens of tiny computers and electronic communications systems that are built into every modern car.

It's scary business. Security experts say that automakers have so far failed to adequately protect these systems, leaving them vulnerable to hacks by attackers looking to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.

"You can definitely kill people," said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a non-profit organization that helps companies analyze the potential for targeted computer attacks on their networks and products.

To date there have been no reports of violent attacks on automobiles using a computer virus, according to SAE International, an association of more than 128,000 technical professionals working in the aerospace and the auto industries.

Yet, Ford spokesman Alan Hall said his company had tasked its security engineers with making its Sync in-vehicle communications and entertainment system as resistant as possible to attack.

"Ford is taking the threat very seriously and investing in security solutions that are built into the product from the outset," he said.

And a group of U.S. computer scientists shook the industry in 2010 with a landmark study that showed viruses could damage cars when they were moving at high speeds. Their tests were done at a decommissioned airport.

SAE International charged a committee of more than 40 industry experts with advising manufacturers on preventing, detecting and mitigating cyber attacks.

Toyota Motor Corp, the world's biggest automaker, said it was not aware of any hacking incidents on its cars.

"They're basically designed to change coding constantly. I won't say it's impossible to hack, but it's pretty close," said Toyota spokesman John Hanson.

Officials with Hyundai Motor Co, Nissan Motor Co and Volkswagen AG said they could not immediately comment on the issue.

A spokesman for Honda Motor Co said that the Japanese automaker was studying the security of on-vehicle computer systems, but declined to discuss those efforts.

A spokesman for the U.S. Department of Homeland Security declined to comment when asked how seriously the agency considers the risk that hackers could launch attacks on vehicles or say whether DHS had learned of any such incidents.

The department helps businesses in the manufacturing and transportation industries secure the technology inside their products and investigates reports of vulnerabilities that could allow attacks.

Bruce Snell, a McAfee executive who oversees his company's research on car security at the Beaverton, Oregon garage, said automakers are fairly concerned about the potential cyber attacks because of the frightening repercussions.

"If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening," he said. "I don't think people need to panic now. But the future is really scary."

COMPUTERS ON WHEELS

White hats are increasingly looking beyond PCs and data centers for security vulnerabilities that have plagued the computer industry for decades and focusing on products like cars, medical devices and electricity meters that run on tiny computers embedded in those products.

Automobiles are already considered "computers on wheels" by security experts. Vehicles are filled with dozens of tiny computers known as electronic control units, or ECUs, that require tens of millions of lines of computer code to manage interconnected systems including engines, brakes and navigation as well as lighting, ventilation and entertainment.

Cars also use the same wireless technologies that power cell phones and Bluetooth headsets, which makes them vulnerable to remote attacks that are widely known to criminal hackers.

"There is tons of opportunity for attack on car systems," said Stuart McClure, an expert on automobile security who recently stepped down as worldwide chief technology officer of McAfee to start his own firm.

Security analysts fear that criminals, terrorists and spies are gradually turning their attention to embedded computers, many of which can be attacked using some of the same techniques as regular computers.

Automakers are rushing to make it easy to plug portable computers and phones to vehicles and connect them to the Internet, but in many cases they are also exposing critical systems that run their vehicles to potential attackers because those networks are all linked within the car.

"The manufacturers, like those of any other hardware products, are implementing features and technology just because they can and don't fully understand the potential risks of doing so," said Joe Grand, an electrical engineer and independent hardware security expert.

Grand estimates that the average auto maker is about 20 years behind software companies in understanding how to prevent cyber attacks.

Chrysler said it was addressing security issues with industry groups and outside organizations including Battelle Corp, a non-profit company that recently established an auto security research center in Columbia, Maryland known as CAVE, or the Center for Advanced Vehicle Environments.

CAVE, which declined to discuss its research on auto security, has hired hacking expert Tiffany Strauchs Rad, a professor at the University of Southern Maine. Last year, she was part of a team that identified flaws in prison networks which could enable hackers to remotely open or lock cell doors.

'SELF DESTRUCT'

Concerns about such possibilities emerged after a group of computer scientists from the University of California and the University of Washington published two landmark research papers that showed computer viruses can infect cars and cause them to crash, potentially harming passengers.

The group chose a fairly banal name, the Center for Automotive Embedded Systems Security. Yet their work is as imaginative as that of Q, the fictional scientist who supplies weapons to British secret agent James Bond.

They figured out how to attack vehicles by putting viruses onto compact discs. When unknowing victims try to listen to the CD, it infects the car radio, then makes its way across the network to more critical systems.

For instance, they came up with a combination attack dubbed "Self Destruct". It starts when a 60-second timer pops up on a car's digital dashboard and starts counting down. When it reaches zero the virus can simultaneously shut off the car's lights, lock its doors, kill the engine and release or slam on the brakes.

In addition to designing viruses to harm passengers in infected vehicles, the academics were able to remotely eavesdrop on conversations inside cars, a technique that could be of use to corporate and government spies.

The research group disbanded after publishing two technical papers, in May 2010 and August 2011, that describe multiple types of attacks and ways to infect cars using Bluetooth systems, wireless networks as well as the car's OnBoard Diagnostics port, which is also known as an OBD-II port. (bit.ly/oao8a8)

One issue of concern is fighting ordinary PC viruses that could potentially infect cars when laptops and other devices are plugged into infotainment systems.

"Viruses are something that needs to be addressed directly. How we guard against that transfer to our system is a primary focus of our efforts," said Toyota spokesman John Hanson.

One major point overlooked in this article is the type of operating system used in the vehicle. As I understand it, viruses are operating system dependent, so if the automobile manufacturers based the car computers around one for which there were few viruses, e.g. a Linux distribution

On the other hand, if the manufacturers used an operating system which was plagued with malware, such as one of the Windows operating systems (for which they would have to pay a licence), then one should expect the vehicle to have poor level of software security.

The vulnerability of high-tech cars

http://www.marketplace.org/sites/default/files/styles/primary-image-610x340/public/cartechnology.jpg

Tomorrow’s cars will be online on the road, and the threat of hacking will grow.

It has been noted that with digital technologies in automobiles, any computer that is connected to the Internet is a potential victim of malicious hackers, for example, some automobiles have "telematics" units or satellite radio signals which automatically calls for emergency from a programmed phone number when there is an accident. This can be a loop hole for hackers.

Imagine if a computer can be hacked on a desktop and destroy the data or launched a denial of service on the operating system, what would be an automobile which is travelling 80 miles an hour. The hacker can take control of the brake and the steering wheel.

Another security issue could be brakes (ABS) and the engines which are computer controlled. A hacker can therefore hack the engine and control the brakes by reading the ROMs. He could then write a virus or script at a given date and time to lock the brakes after a speed limit.

Some European and US manufacturer have installed Internet in their cars for different reasons. Some of the reasons are that the car manufacturer wanted Internet in cars to make remote diagnostics and also to do remote software upgrades of the car software without having to bring the cars into workshops. An alert to the driver’s dashboard following an onboard diagnostics could also be set so that a visit to the garage is required for maintenance.

Automobile Virus

In February 2005, it was reported from SC Magazine that Lexus cars were infected by a virus. Lexus cars could be vulnerabled to viruses that could infect them via mobile phones. Landcruiser 100 models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet.

It seems that no one has done this yet, and the story is based on speculation that a cell phone can transfer a virus to the Lexus using Bluetooth. But it's only a matter of time before something like this actually works.

Car-hacking: Remote access and other security issues

Hackers can control your car remotely.jpg

According to Computerworld, a disgruntled former employee of Texas Auto Center chose a creative way to get back at the Austin-based dealership. He hacked into the company's computers and remotely activated the vehicle-immobilization system, which triggered the horn and disabled the ignition system in more than 100 of the vehicles. The dealership had installed the system in their cars as a way to deal with customers who fell behind on their payments.

Police arrested the man and charged him with breach of computer security. His legal status was unclear as of our deadline for this story.

Out-of-control honking horns may be annoying, but other types of hacking, such as cutting the engine of unsuspecting drivers, could have deadly consequences. Although most experts agree there isn't an immediate risk, vehicle hacking is something that bears watching.

Can Your Car Be Hacked?

you might be behind the wheel, but increasingly, computers control your car’s every function.

Microprocessors direct braking, acceleration and even the horn these days. "Because they are hidden, people don’t often understand that there can be anywhere from 30 to 40 microprocessors in most cars and even up to 100 different ones running different functions in some vehicles," says Stephan A. Tarnutzer, chief operating officer for DGE Inc., which provides electronic designs and consulting for auto manufacturers and suppliers.

But could a hacker compromise these systems? Recently, several news reports have raised the issue of car-hacking risks, including:

Vehicle disablement. After a disgruntled former employee took over a Web-based vehicle-immobilization system at an Austin, Texas, car sales center, more than 100 drivers found their vehicles had been disabled or their horns were honking out of control.

Tire pressure system hacking. Researchers from the University of South Carolina and Rutgers University were able to hack into tire pressure monitoring systems. Using readily available equipment and free software, the researchers triggered warning lights and remotely tracked a vehicle through its unique monitoring system.

Disabling brakes. Researchers at the University of Washington and University of San Diego created a program that would hack into onboard computers to disable brakes and stop the engine. The researchers connected to onboard computers through ports for the cars’ diagnostic system.

Is your car at risk?

The potential for car hacking is real, although there may not be a financial incentive for hackers to focus on autos just yet, say the experts. "All the malware attacks consumers are faced with every day have financial motives behind them," says Ryan Smith, a principal researcher with Accuvant Labs who finds vulnerabilities in computer systems.

Most of the danger right now may come from hackers who want to demonstrate their prowess and enhance their reputations, says Tarnutzer. And the increased reliance on wireless systems -- such as the tire pressure monitoring system -- makes your car more vulnerable to these attacks, says John Bambene, a security researcher with the Internet Storm Center, the global cooperative community that monitors cyberthreats.

Protect your car from hacking

Security is largely in the hands of auto manufacturers, who are working to address concerns. In the meantime, you can take these steps to protect your vehicle:

Ask about wireless systems. Familiarize yourself with the wireless systems if you’re purchasing a new car, advises Bambenek. For a car you already own, you can review your manual or check online. Find out if any of the systems can be operated remotely.

Ask about remote shutdown. If you’re financing through the company from which you purchased the vehicle, ask about remote shutdown related to repossession. Make sure the seller has security measures in place that control access to the system.

Go to reputable dealers and repair shops. It’s possible for unscrupulous garages to manipulate your car’s computer systems, making it appear you need repairs that aren’t actually warranted. Don’t cut corners when it comes to choosing a dealer or repair shop.

Protect your information. Of course, locking your car is always wise. And if you use OnStar -- the GM-owned auto security and information service -- make sure you don’t leave OnStar-related documents or your password in the car, says John Luludis, president and co-founder of Superior Tech Solutions, an IT provider, and a former car industry tech executive. Since OnStar can remotely shut off your engine if you report the vehicle stolen, there’s the potential for mischief if your password falls in the wrong hands.

Be cautious about after-market devices. After-market car systems may not be as rigorously tested or designed, opening you to vulnerabilities, says Tarnutzer.

Luludis compares the use of computers in cars to the development in our use of personal computers. Hacking exploded when the Internet evolved, making it easy to access computers via networks. Wireless connections mean your car is no longer a closed system. "Once you have connection to vehicles, you have an entry point for people to try to access," says Luludis. "The only thing standing in their way now is a standardized piece of software. It’s a concern we need to address."

Car computer systems hacked remotely - Be Afraid, Very Afraid

Your car is highly vulnerable to Malware through a cellphone, Wi-Fi, infected MP3 and other means. Be very afraid! - Hackers can hijack the car's computer systems to disable the brakes, change the cruise control, turn the engine on and off, and control most of the electrical systems such as the lights, climate control, odometer, locks and your radio.

Researchers have found various vulnerable sites and ways hackers can gain access. Most modern cars have what is called an 'On-Board Diagnostics (OBD-II)' port. This is an access point that repairers hook-up to get data on the vehicle's performance and to modify various things such as the timing of the engine, and most of the car's electrical systems and functions. This is a primary access point for hackers as virtually everything can be changed using this port designed to provide direct access to the car's computer.

Automotive Embedded Systems

Digital control, in the form of self-contained embedded

systems called Engine Control Units (ECUs), entered US

production vehicles in the late 1970s, largely due to requirements

of the California Clean Air Act (and subsequent

federal legislation) and pressure from increasing gasoline

prices [21]. By dynamically measuring the oxygen present

in exhaust fumes, the ECU could then adjust the fuel/oxygen

mixture before combustion, thereby improving efficiency

and reducing pollutants. Since then, such systems have been

integrated into virtually every aspect of a car’s functioning

and diagnostics, including the throttle, transmission, brakes,

passenger climate and lighting controls, external lights,

entertainment, and so on, causing the term ECU to be

generalized to Electronic Control Units. Thus, over the last

few decades the amount of software in luxury sedans has

grown from virtually nothing to tens of millions of lines of

code, spread across 50–70 independent ECUs [8].

C. Threat Model

In this paper we intentionally and explicitly skirt the

question of a "threat model." Instead, we focus primarily

on what an attacker could do to a car if she was able to

maliciously communicate on the car’s internal network. That

said, this does beg the question of how she might be able

to gain such access.

While we leave a full analysis of the modern automobile’s

attack surface to future research, we briefly describe here the

two "kinds" of vectors by which one might gain access to

a car’s internal networks.

The first is physical access. Someone—such as a mechanic,

a valet, a person who rents a car, an ex-friend, a

disgruntled family member, or the car owner—can, with

even momentary access to the vehicle, insert a malicious

component into a car’s internal network via the ubiquitous

OBD-II port (typically under the dash). The attacker may

leave the malicious component permanently attached to the

car’s internal network or, as we show in this paper, they

may use a brief period of connectivity to embed the malware

within the car’s existing components and then disconnect. A

similar entry point is presented by counterfeit or malicious

components entering the vehicle parts supply chain—either

before the vehicle is sent to the dealer, or with a car owner’s

purchase of an aftermarket third-party component (such as

a counterfeit FM radio).

The other vector is via the numerous wireless interfaces

implemented in the modern automobile. In our car we

identified no fewer than five kinds of digital radio interfaces

accepting outside input, some over only a short range and

others over indefinite distance. While outside the scope of

this paper, we wish to be clear that vulnerabilities in such

services are not purely theoretical. We have developed the

ability to remotely compromise key ECUs in our car via

externally-facing vulnerabilities, amplify the impact of these

remote compromises using the results in this paper, and

ultimately monitor and control our car remotely over the

Internet.

Conclusion

ECUs which are connected to one another and to the Internet, making car computers as vulnerable to the same digital dangers widely known among PCs and other networked devices: viruses, Trojans, denial-of-service attacks and more.