BusinessWeek reports on how research by a team led by UW Computer Science & Engineering professor Yoshi Kohno and UC San Diego professor (and UW CSE alum) Stefan Savage has led engineers at the Society of Automotive Engineers (SAE) to launch a project to harden automotive command and control systems. The research has shown that it’s possible to compromise critical automotive systems such as braking and engine functions without physical access to the vehicle.
Two paths towards such control are the Bluetooth wireless network used for hands-free use of a mobile phone, and via the telematics systems such as OnStar and (F) SYNC. Attacks via Bluetooth require close proximity to the vehicle, but attacks via telematics systems, which are based on the public switched telephone system and linked cellular mobile phone system, can be executed from anywhere in the world. The Kohno/Savage team has demonstrated that vulnerability by unlocking and starting a standard vehicle from half a continent away.
The SAE project will develop new standards to prevent such attacks, but security is a process, not a product, and the process will be ongoing.
The full text of the article in BusinessWeek is here. We’ve previously reported on the automotive security research here and here.