NEWS


Computing Now Exclusive Content — December 2011

News Archive

July 2012

Gig.U Project Aims for an Ultrafast US Internet

June 2012

Bringing Location and Navigation Technology Indoors

May 2012

Plans Under Way for Roaming between Cellular and Wi-Fi Networks

Encryption System Flaw Threatens Internet Security

April 2012

For Business Intelligence, the Trend Is Location, Location, Location

Corpus Linguistics Keep Up-to-Date with Language

March 2012

Are Tomorrow's Firewalls Finally Here Today?

February 2012

Spatial Humanities Brings History to Life

December 2011

Could Hackers Take Your Car for a Ride?

November 2011

What to Do about Supercookies?

October 2011

Lights, Camera, Virtual Moviemaking

September 2011

Revolutionizing Wall Street with News Analytics

August 2011

Growing Network-Encryption Use Puts Systems at Risk

New Project Could Promote Semantic Web

July 2011

FBI Employs New Botnet Eradication Tactics

Google and Twitter "Like" Social Indexing

June 2011

Computing Commodities Market in the Cloud

May 2011

Intel Chips Step up to 3D

Apple Programming Error Raises Privacy Concerns

Thunderbolt Promises Lightning Speed

April 2011

Industrial Control Systems Face More Security Challenges

Microsoft Effort Takes Down Massive Botnet

March 2011

IP Addresses Getting Security Upgrade

February 2011

Studios Agree on DRM Infrastructure

January 2011

New Web Protocol Promises to Reduce Browser Latency

To Be or NAT to Be?

December 2010

Intel Gets inside the Helmet

Tuning Body-to-Body Networks with RF Modeling

November 2010

New Wi-Fi Spec Simplifies Connectivity

Expanded Top-Level Domains Could Spur Internet Real Estate Boom

October 2010

New Weapon in War on Botnets

September 2010

Content-Centered Internet Architecture Gets a Boost

Gesturing Going Mainstream

August 2010

Is Context-Aware Computing Ready for the Limelight?

Flexible Routing in the Cloud

Signal Congestion Rejuvenates Interest in Cell Paging-Channel Protocol

July 2010

New Protocol Improves Interaction among Networked Devices and Applications

Security for Domain Name System Takes a Big Step Forward

The ROADM to Smarter Optical Networking

Distributed Cache Goes Mainstream

June 2010

New Application Protects Mobile-Phone Passwords

WiGig Alliance Reveals Ultrafast Wireless Specification

Cognitive Radio Adds Intelligence to Wireless Technology

May 2010

New Product Uses Light Connections in Blade Server

April 2010

Browser Fingerprints Threaten Privacy

New Animation Technique Uses Motion Frequencies to Shake Trees

March 2010

Researchers Take Promising Approach to Chemical Computing

Screen-Capture Programming: What You See is What You Script

Research Project Sends Data Wirelessly at High Speeds via Light

February 2010

Faster Testing for Complex Software Systems

IEEE 802.1Qbg/h to Simplify Data Center Virtual LAN Management

Distributed Data-Analysis Approach Gains Popularity

Twitter Tweak Helps Haiti Relief Effort

January 2010

2010 Rings in Some Y2K-like Problems

Infrastructure Sensors Improve Home Monitoring

Internet Search Takes a Semantic Turn

December 2009

Phase-Change Memory Technology Moves toward Mass Production

IBM Crowdsources Translation Software

Digital Ants Promise New Security Paradigm

November 2009

Program Uses Mobile Technology to Help with Crises

More Cores Keep Power Down

White-Space Networking Goes Live

Mobile Web 2.0 Experiences Growing Pains

October 2009

More Spectrum Sought for Body Sensor Networks

Optics for Universal I/O and Speed

High-Performance Computing Adds Virtualization to the Mix

ICANN Accountability Goes Multinational

RFID Tags Chat Their Way to Energy Efficiency

September 2009

Delay-Tolerant Networks in Your Pocket

Flash Cookies Stir Privacy Concerns

Addressing the Challenge of Cloud-Computing Interoperability

Ephemeralizing the Web

August 2009

Bluetooth Speeds Up

Grids Get Closer

DCN Gets Ready for Production

The Sims Meet Science

Sexy Space Threat Comes to Mobile Phones

July 2009

WiGig Alliance Makes Push for HD Specification

New Dilemnas, Same Principles:
Changing Landscape Requires IT Ethics to Go Mainstream

Synthetic DNS Stirs Controversy:
Why Breaking Is a Good Thing

New Approach Fights Microchip Piracy

Technique Makes Strong Encryption Easier to Use

New Adobe Flash Streams Internet Directly to TVs

June 2009

Aging Satellites Spark GPS Concerns

The Changing World of Outsourcing

North American CS Enrollment Rises for First Time in Seven Years

Materials Breakthrough Could Eliminate Bootups

April 2009

Trusted Computing Shapes Self-Encrypting Drives

March 2009

Google, Publishers to Try New Advertising Methods

Siftables Offer New Interaction Model for Serious Games

Hulu Boxed In by Media Conglomerates

February 2009

Chips on Verge of Reaching 32 nm Nodes

Hathaway to Lead Cybersecurity Review

A Match Made in Heaven: Gaming Enters the Cloud

January 2009

Government Support Could Spell Big Year for Open Source

25 Reasons For Better Programming

Web Guide Turns Playstation 3 Consoles into Supercomputing Cluster

Flagbearers for Technology: Contemporary Techniques Showcase US Artifact and European Treasures

December 2008

.Tel TLD Debuts As New Way to Network

Science Exchange

November 2008

The Future is Reconfigurable

Could Hackers Take Your Car for a Ride?

by George Lawton

Cars are becoming increasingly networked, leading to concern among some security experts that hackers could exploit this to cause potentially serious problems.

Vehicles have internal networks accessible from within the car. They are also increasingly working with external networks like that used by General Motors' OnStar driver-assistance system.

Researchers have shown that hackers could even compromise automobiles via their entertainment systems by, for example, using specially crafted malicious CDs or music files.

Thus far, only one carhacking incident has occurred, in which a disgruntled former car-leasing company employee allegedly remotely disabled about 100 vehicles.

However, although most security experts say carhacking doesn't represent a serious threat now, they contend this could change as automobiles become more networked and hackers become more sophisticated.

Carhacking

About 10 years ago, enthusiasts started using a form of carhacking to get into an automobile's computer system, modify settings, and improve engine performance, noted University of Washington graduate student Karl Koscher, who studies the security of vehicular computer and communications systems.

Real-life incident

In 2010, a former car dealership employee in Austin, Texas, was arrested for allegedly using a password stolen from a former coworker to hack into a remote immobilizer system and disable about 100 already-purchased cars.

The hacker is accused of attacking the WebTeckPlus system, operated by Pay Technologies, which the dealership used with customers who didn't make their payments.

Dealers install WebTeck devices — which obey commands issued over a wireless pager network — in cars they sell. If a car payment is past due, the dealer could use the system to disable the vehicle's ignition system or activate the horn.

Research

Researchers have demonstrated the possibility of various internal and external attacks.

Attacks requiring vehicle access. In 2010, University of Washington and University of California, San Diego (UCSD), researchers reverse-engineered a new car to produce working exploits.

They developed several attacks using a technique called fuzzing, in which a large number of packets with randomly generated data are sent to an automotive system to determine which, if any, cause problems. Hackers could use such information to launch attacks.

"We constructed attacks that would control many of the car's systems including the engine, the brakes, and the lights," said UCSD doctoral candidate Steve Checkoway.

He noted that fuzzing required the researchers to access the OBD-II port for onboard diagnostics, located under the dashboard.

Attackers could also use specially crafted CDs or Windows Media Audio files that include a Trojan horse. When these files are played on certain vehicular media-control systems, hackers could gain control of various automotive systems.

In some cases, attackers could also exploit vehicles' built-in Wi-Fi, Bluetooth, and cellular connections.

Checkoway said that computerized systems within a car typically aren't isolated from one another. Thus, he explained, "compromising a single computer is sufficient to compromise all of them. This means that compromising even something as innocuous as the car's radio [via a maliciously formatted CD] can compromise the brakes."

Remote attacks. Researchers Alan Bailey and Matthew Solnik with security consultancy iSec Partners recently demonstrated a fundamental weakness in the baseband general-packet-radio-service (GPRS) cellular and short-message-service (SMS) infrastructures used in remote-vehicular assistance services and in Internet-enabled security systems.

They first figured out how to intercept wireless messages between the car and a remote vehicle-assistance network such as OnStar, Ford's MyFord Touch, BMW Assist, and Mercedes Benz's mbrace.

Using a laptop with a GPRS radio, they then recreated the messages and remotely compromised a car with an Internet-enabled security system, which lets drivers open the doors via a smartphone. The researchers were thus able to unlock the vehicle and start the engine.

Hackers could remotely identify and interact with cars that work with remote-assistance systems via war texting. With this technique, the hacker drives around with a specially equipped laptop and sends out malicious SMS messages until one is received by a vulnerable vehicle.

University of South Carolina researchers discovered that it's possible to fool the communications system in the electronic tire gauges in late-model cars into reporting a tire problem to the driver via a dashboard display. They accomplished this by jamming and overpowering the tire-pressure system's radio signal with their own specially crafted radio.

This could let criminals trick drivers who think they have tire problems into stopping, at which point they could be robbed.

Researchers at the Swiss Federal Institute of Technology Zurich studied automobile keys with wireless-communications capabilities, which are popular in many late-model cars.

They found a way to trick the car into asking the key for the unlock code. They then recorded this code and generated it using a computer connected to a radio. This could enable a hacker to follow a victim, capture their unlock code, open the door when the car is unattended, and start the vehicle.

Driving ahead

With one exception, carhacking has been demonstrated only in laboratories and only against certain types of automobile components.

Carhacking attacks are hard to launch today, in part because finding a vulnerable vehicle could be difficult and time-consuming, noted the University of Washington's Koscher. For example, only a minority of vehicles have remote car-assistance systems such as OnStar
However, automobiles could face new hacking threats in the future.

For example, car owners can plug a growing number of products into their ODB-II ports, including Bluetooth-based diagnostic dongles and insurance companies' tracking devices. This could create vulnerabilities.

Moreover, new wireless networks — such as those between vehicles and those between vehicles and the Internet — could open additional hacking routes.

In response to the threats, Checkoway said, automobile companies and regulators have begun taking steps to secure vehicles.
For example, the Society of Automotive Engineers and the US Council for Automotive Research have created vehicular-cybersecurity working groups.

"Ford is … investing in security solutions that are built into the product from the outset," said Alan Hall, communications manager for technology, research, and innovation with the company. "The use of threat modeling and documenting potential areas of vulnerability is a critical element of our design efforts."

Ford is taking steps such as building firewalls into the networks within automobiles, whitelisting applications that can safely access vehicular networks, separating the car-control network from the infotainment network, and deploying Wi-Fi Protected Access security technology.

"One thing to keep in mind is that [carhackers] don't have to have a 100 percent success rate," said the University of Washington's Koscher. "If you take what seems like the most likely hacking scenario, in which people use technological means to steal cars, you can spread your malware broadly and wait for the vulnerable cars to report back to you. You may have a low chance of success, but when it works, there's a big payday."

George Lawton is a freelance technology writer based in Guerneville, California. Contact him at glawton@glawton.com.