Get unlimited access to Worldcrunch

You can cancel anytime.

SUBSCRIBERS BENEFITS

Ad-free experience ^NEW

Exclusive international news coverage

Access to Worldcrunch archives

Monthly Access

30-day free trial, then $2.90 per month.

Annual Access ^{BEST VALUE}

$19.90 per year, save $14.90 compared to monthly billing.save $14.90.

Germany

Road Hackers - The Perils And Possibilities Of Internet Car Connectivity

"I spy with my little car..."

Daimler

Christof Vieweg

BERLIN - Drivers have been communicating with each other for 125 years with brake lights, turn signals and horns. But a new era is beginning: Car-to-X Communication (C2X). This is connectivity between vehicles making it possible for them to exchange information and warn of dangers.

In early 2007, with about 40 million euros of taxpayer money, a research project called Project SIM-TD (for ‘Safe Intelligent Mobility-Test Area Germany’) was launched in Frankfurt. German automobile manufacturers, suppliers and communication companies tested the new technology on about 1,000 cars.

This summer, the project team at Daimler announced that 120 vehicles would be on the roads in the Frankfurt Rhine-Main region to test car-to-X communication through the end of the year. But there are still many obstacles to overcome before wireless networking between cars becomes mainstream.

The C2X project aims to improve road safety – but problems with data protection could turn it into a safety risk. "The development of C2X technology paves the way toward new possibilities for manipulation, particularly outside third-party attacks," says Germany’s Federal Highway Research Institute (BASt). The institute warns that such systems could even "pose a danger to road traffic." The issue is that Internet connectivity and networking could make cars targets for hacker attacks.

University of California researchers have demonstrated various examples of outside manipulation, such as maliciously using web-based vehicle-immobilization systems that can remotely disable a car against its unsuspecting owners.

German carmakers are aware of these dangers, and are taking appropriate steps. "Security is a major concern with us," says BMW spokeswoman Melina Aulinger. The company’s models include up to 70 devices and a gigabyte of data all aimed at heightening security. Professor Jana Dittmann, who heads the Multimedia and Security research group at the University of Magdeburg, supports security-conscious approaches. Group experts have long advocated paying particular attention to the safety aspect. "The potential threat of IT-based attacks on cars keeps increasing," says Dittmann.

Privacy and security risks

“Each interface serves as a motivator and means for an attacker to access the vehicle,” said Professor Stefan Gross of the Ostfalia University of Applied Sciences in a contribution written for Internet security company McAfee.

Embedded technology such as Bluetooth connections between mobile phones and hands-free sets, remote keyless entry, infotainment systems and online help systems as well as planned C2X send/receive systems all pose security risks. The remote apps that some manufacturers have introduced so that certain functions can be downloaded via iPhone are another potential privacy risk.

Security experts warn that criminals can use these and other means to penetrate a car’s electronic system and cause extensive damage. Scenarios range from fleeing bank robbers who disable the police cruisers chasing them to scam artists who stand by the roadside using the Bluetooth PIN codes of passing cars to mount a remote attack against them, or even thieves that manipulate navigation systems to redirect vehicles transporting valuable cargo.

Rigorous security with regard to all information will have to go hand in hand with the new technology. BMW’s System Connected Drive for example sends data gathered by the SIM card integrated in the vehicle to an "IT Backend" before processing it, and the manufacturer says that personal data is not recorded. The data check is also meant to prevent smartphone apps from ending up in the in-vehicle infotainment system.

A German company called Secunet has developed what they call a Secure Communication Unit (SCU) to ward off attacks. Every time an Internet connection is called up, as with a home computer the SCU establishes a dynamic IP address. The IP connection is interrupted if there is a attack so that the attacker loses contact and then a new IP address is established.

Encryption will occupy a major place in ensuring security: car manufacturers place trust in the Advanced Encryption Standard (AES). "Security technology is going to be the key technology for nearly all innovations in automobiles," says Professor Christof Paar of Ruhr University in Bochum. "Most users are more likely to accept malware on their laptop than they are in their car’s braking system.”