Road Hackers - The Perils And Possibilities Of Internet Car Connectivity

"I spy with my little car..."
"I spy with my little car..."
Christof Vieweg

BERLIN - Drivers have been communicating with each other for 125 years with brake lights, turn signals and horns. But a new era is beginning: Car-to-X Communication (C2X). This is connectivity between vehicles making it possible for them to exchange information and warn of dangers.

In early 2007, with about 40 million euros of taxpayer money, a research project called Project SIM-TD (for ‘Safe Intelligent Mobility-Test Area Germany’) was launched in Frankfurt. German automobile manufacturers, suppliers and communication companies tested the new technology on about 1,000 cars.

This summer, the project team at Daimler announced that 120 vehicles would be on the roads in the Frankfurt Rhine-Main region to test car-to-X communication through the end of the year. But there are still many obstacles to overcome before wireless networking between cars becomes mainstream.

The C2X project aims to improve road safety – but problems with data protection could turn it into a safety risk. "The development of C2X technology paves the way toward new possibilities for manipulation, particularly outside third-party attacks," says Germany’s Federal Highway Research Institute (BASt). The institute warns that such systems could even "pose a danger to road traffic." The issue is that Internet connectivity and networking could make cars targets for hacker attacks.

University of California researchers have demonstrated various examples of outside manipulation, such as maliciously using web-based vehicle-immobilization systems that can remotely disable a car against its unsuspecting owners.

German carmakers are aware of these dangers, and are taking appropriate steps. "Security is a major concern with us," says BMW spokeswoman Melina Aulinger. The company’s models include up to 70 devices and a gigabyte of data all aimed at heightening security. Professor Jana Dittmann, who heads the Multimedia and Security research group at the University of Magdeburg, supports security-conscious approaches. Group experts have long advocated paying particular attention to the safety aspect. "The potential threat of IT-based attacks on cars keeps increasing," says Dittmann.

Privacy and security risks

“Each interface serves as a motivator and means for an attacker to access the vehicle,” said Professor Stefan Gross of the Ostfalia University of Applied Sciences in a contribution written for Internet security company McAfee.

Embedded technology such as Bluetooth connections between mobile phones and hands-free sets, remote keyless entry, infotainment systems and online help systems as well as planned C2X send/receive systems all pose security risks. The remote apps that some manufacturers have introduced so that certain functions can be downloaded via iPhone are another potential privacy risk.

Security experts warn that criminals can use these and other means to penetrate a car’s electronic system and cause extensive damage. Scenarios range from fleeing bank robbers who disable the police cruisers chasing them to scam artists who stand by the roadside using the Bluetooth PIN codes of passing cars to mount a remote attack against them, or even thieves that manipulate navigation systems to redirect vehicles transporting valuable cargo.

Rigorous security with regard to all information will have to go hand in hand with the new technology. BMW’s System Connected Drive for example sends data gathered by the SIM card integrated in the vehicle to an "IT Backend" before processing it, and the manufacturer says that personal data is not recorded. The data check is also meant to prevent smartphone apps from ending up in the in-vehicle infotainment system.

A German company called Secunet has developed what they call a Secure Communication Unit (SCU) to ward off attacks. Every time an Internet connection is called up, as with a home computer the SCU establishes a dynamic IP address. The IP connection is interrupted if there is a attack so that the attacker loses contact and then a new IP address is established.

Encryption will occupy a major place in ensuring security: car manufacturers place trust in the Advanced Encryption Standard (AES). "Security technology is going to be the key technology for nearly all innovations in automobiles," says Professor Christof Paar of Ruhr University in Bochum. "Most users are more likely to accept malware on their laptop than they are in their car’s braking system.”

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!

In Argentina, A Visit To World's Highest Solar Energy Park

With loans and solar panels from China, the massive solar park has been opened a year and is already powering the surrounding areas. Now the Chinese supplier is pushing for an expansion.

960,000 solar panels have been installed at the Cauchari park

Silvia Naishtat

CAUCHARI — Driving across the border with Chile into the northwest Argentine department of Susques, you may spot what looks like a black mass in the distance. Arriving at a 4,000-meter altitude in the municipality of Cauchari, what comes into view instead is an assembly of 960,000 solar panels. It is the world's highest photovoltaic (PV) park, which is also the second biggest solar energy facility in Latin America, after Mexico's Aguascalientes plant.

Spread over 800 hectares in an arid landscape, the Cauchari park has been operating for a year, and has so far turned sunshine into 315 megawatts of electricity, enough to power the local provincial capital of Jujuy through the national grid.

It has also generated some $50 million for the province, which Governor Gerardo Morales has allocated to building 239 schools.

Abundant sunshine, low temperatures

The physicist Martín Albornoz says Cauchari, which means "link to the sun," is exposed to the best solar radiation anywhere. The area has 260 days of sunshine, with no smog and relatively low temperatures, which helps keep the panels in optimal conditions.

Its construction began with a loan of more than $331 million from China's Eximbank, which allowed the purchase of panels made in Shanghai. They arrived in Buenos Aires in 2,500 containers and were later trucked a considerable distance to the site in Cauchari . This was a titanic project that required 1,200 builders and 10-ton cranes, but will save some 780,000 tons of CO2 emissions a year.

It is now run by 60 technicians. Its panels, with a 25-year guarantee, follow the sun's path and are cleaned twice a year. The plant is expected to have a service life of 40 years. Its choice of location was based on power lines traced in the 1990s to export power to Chile, now fed by the park.

Chinese engineers working in an office at the Cauchari park


Chinese want to expand

The plant belongs to the public-sector firm Jemse (Jujuy Energía y Minería), created in 2011 by the province's then governor Eduardo Fellner. Jemse's president, Felipe Albornoz, says that once Chinese credits are repaid in 20 years, Cauchari will earn the province $600 million.

The Argentine Energy ministry must now decide on the park's proposed expansion. The Chinese would pay in $200 million, which will help install 400,000 additional panels and generate enough power for the entire province of Jujuy.

The park's CEO, Guillermo Hoerth, observes that state policies are key to turning Jujuy into a green province. "We must change the production model. The world is rapidly cutting fossil fuel emissions. This is a great opportunity," Hoerth says.

The province's energy chief, Mario Pizarro, says in turn that Susques and three other provincial districts are already self-sufficient with clean energy, and three other districts would soon follow.

Keep up with the world. Break out of the bubble.
Sign up to our expressly international daily newsletter!